Bug 468318 - SELinux is preventing updatedb (locate_t) "getattr" to /mnt/hgfs (unlabeled_t).
SELinux is preventing updatedb (locate_t) "getattr" to /mnt/hgfs (unlabeled_t).
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-10-23 23:40 EDT by dynmosaic
Modified: 2008-10-27 16:28 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-10-24 08:34:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description dynmosaic 2008-10-23 23:40:33 EDT
Description of problem:
SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 

Version-Release number of selected component (if applicable):
Source Context:  system_u:system_r:locate_t:s0
Target Context:  system_u:object_r:unlabeled_t:s0
Target Objects:  /mnt/hgfs [ dir ]
Source:  updatedb
Source Path:  /usr/bin/updatedb
Port:  <Unknown>
Host:  fedora
Source RPM Packages:  mlocate-0.21-1.fc10
Target RPM Packages:  
Policy RPM:  selinux-policy-3.5.13-4.fc10
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  fedora
Platform:  Linux fedora #1 SMP Wed Oct 22 21:04:28 EDT 2008 x86_64 x86_64

How reproducible:
running fedora rawhide 64bits inside vmware workstation 6.5 on a vista host with share enabled to allow access of host files from fedora guest. 
vmware-tools are compiled and installed.

Steps to Reproduce:
1. cp something to /mnt/hgfs/Downloads
Actual results:
[root@fedora ~]# cp .bashrc  /mnt/hgfs/Downloads/
cp: cannot create regular file `/mnt/hgfs/Downloads/.bashrc': Permission denied

Expected results:

Additional info
Comment 1 Daniel Walsh 2008-10-24 08:34:49 EDT
Fixed in selinux-policy-3.5.13-7.fc10
Comment 2 dynmosaic 2008-10-27 16:28:50 EDT
Fix verified in selinux-policy-3.5.13-8.fc10. Thanks for your quick fix.

Note You need to log in before you can comment on or make changes to this bug.