Bug 471092 - denied umount.nfs write to mtab
denied umount.nfs write to mtab
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-11 13:56 EST by Orion Poplawski
Modified: 2008-11-13 08:36 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-11 17:05:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2008-11-11 13:56:22 EST
Description of problem:

Nov 10 14:07:30 test kernel: type=1400 audit(1226351250.565:6): avc:  denied  { write } for  pid=24077 comm="umount.nfs" name="mtab" dev=dm-0 ino=316774 scontext=system_u:system_r:mount_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file

This is probably an automount mount expiring.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-18.fc10.noarch
Comment 1 Daniel Walsh 2008-11-11 17:05:55 EST
 ls -lZ /etc/mtab 
-rw-r--r--  root root unconfined_u:object_r:etc_runtime_t:s0 /etc/mtab

You have a mislabeled /etc/mtab

restorecon /etc/mtab

Any idea how it got mislabeled?
Comment 2 Orion Poplawski 2008-11-12 13:45:17 EST
Well, if I run restorecon in kickstart %post:

restorecon reset /etc/mtab context system_u:object_r:etc_t:s0->system_u:object_r:etc_runtime_t:s0

I'll remove restorecon from %post and see what the fresh install looks like.
Comment 3 Daniel Walsh 2008-11-13 08:36:05 EST
Do you have a rpm that is modifying /etc/mtab directly?

Note You need to log in before you can comment on or make changes to this bug.