448600 – mounting gfs2 partitions causes avc

Bug 448600 - mounting gfs2 partitions causes avc

Summary: mounting gfs2 partitions causes avc

Keywords:
Status:	CLOSED DUPLICATE of bug 435945
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gfs2-utils
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Steve Whitehouse
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-05-27 19:34 UTC by Dave Jones
Modified:	2015-01-04 22:30 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-05-28 10:21:15 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dave Jones 2008-05-27 19:34:21 UTC

type=1400 audit(1211930671.516:7): avc:  denied  { sys_module } for  pid=2818
comm="mount.gfs2" capability=16
scontext=system_u:system_r:mount_t:s0-s0:c0.c1023
tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=capability

Comment 1 Daniel Walsh 2008-05-27 20:24:43 UTC

grrr having the mount command able to load system modules is just wrong...

Can't we just have the kernel realize there are gfs2 file systems around and
load the module?  

If I allow this, this would allow all confined domains that need to mount stuff
the ability to load kernel modules.

Comment 2 Chris Feist 2008-05-27 21:51:21 UTC

Steve,

What can we do to get these modules to auto load when we try to mount a gfs
filesystem?  (without doing it in mount.gfs2)

Comment 3 Steve Whitehouse 2008-05-28 07:28:15 UTC

The modules do autoload when we mount a gfs2 filesystem. The problem is that
mount.gfs2 requires the lock_dlm module to be loaded _before_ we mount the
filesystem.

Comment 4 Steve Whitehouse 2008-05-28 10:21:15 UTC


*** This bug has been marked as a duplicate of 435945 ***

Note You need to log in before you can comment on or make changes to this bug.