Description of problem:
I'm getting AVC 1-2 times a day (maybe some cron job?)

Version-Release number of selected component (if applicable):
autofs-5.0.3-26.x86_64
selinux-policy-targeted-3.5.10-3.fc10.noarch

How reproducible:
+- every day

Steps to Reproduce:
1.
2.
3.

Actual results:
node=pok.englab.brq.redhat.com type=AVC msg=audit(1223895669.84:141): avc: denied { read } for pid=9095 comm="umount" path="/proc/2137/mounts" dev=proc ino=69747 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=file
node=pok.englab.brq.redhat.com type=SYSCALL msg=audit(1223895669.84:141): arch=c000003e syscall=59 success=yes exit=0 a0=7f28d4155f30 a1=7f28d4154ec0 a2=7f28d6438330 a3=7f28d4154110 items=0 ppid=2137 pid=9095 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="umount" exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)

Expected results:
no AVC

Created attachment 320184
SELinux prevented umount from mounting on the file or directory "/proc/<pid>/mounts" (type "automount_t").

# ps ax | grep 2137
 2137 ?        Ssl    0:00 automount
 9580 pts/0    S+     0:00 grep 2137

I think we already have a few bugs for this. Have a look at 390591, it has probably got the best information about this issue.

I still need to act on Ulrich's comment about the close-on-exec so I need a Rawhide install. But my system has started to become unstable this last week or so and is particularly bad when trying to run VMs. So I think I'll be replacing my system unit, which is really bad timing just now, so it will be a little while longer before I get onto this.

Ian

I'll leave this as NEW for now since we may end up marking it as a duplicate of another bug.

Thank you, closing.

*** This bug has been marked as a duplicate of bug 390591 ***