Bug 498946 - errors from DeviceKit when ejecting a CD
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-05-04 10:55 EDT by Peter F. Patel-Schneider
Modified: 2009-05-04 14:20 EDT
Doc Type: Bug Fix
Last Closed: 2009-05-04 14:17:04 EDT

Description Peter F. Patel-Schneider 2009-05-04 10:55:47 EDT
Description of problem:

DeviceKit (and other) errors when ejecting a CD (using the Nautilus interface)

Version-Release number of selected component (if applicable):

Version in current F11 rawhide

How reproducible:

Always (on ThinkPad T60p)

Steps to Reproduce:
1. Pop a CD into the CD holder
2. Try to eject the mounted device from Nautilus
3.
  
Actual results:

Lots of errors, but they do appear to be benign, and the CD is umounted (but not ejected);  /etc/mtab ends up with extra entries

Expected results:

CD unmounted *and* ejected with no errors *and* /etc/mtab entry removed


Additional info:

1/ Error Popup:

Unable to eject F11-Beta-i686-live

org.freedesktop.DeviceKit.Disks.Error.Failed: Error ejecting: eject exited with exit code 1: can't rename /etc/mtab.tmp to /etc/mtab: Permission denied
umount: /dev/sr0: not mounted
umount: /media/F11-Beta-i686-Live: not found
can't rename /etc/mtab.tmp to /etc/mtab: Permission denied
umount: /dev/sr0: not mounted
umount: /media/F11-Beta-i686-Live: not found
can't rename /etc/mtab.tmp to /etc/mtab: Permission denied
umount: /dev/sr0: not mounted
umount: /media/F11-Beta-i686-Live: not found
eject: unmount of `/media/F11-Beta-i686-Live' failed

2/ /var/log/messages:

May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.763:9): avc:  denied  { unlink } for  pid=4380 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix gnome-keyring-daemon[2022]: removing removable location: volume_label_F11_Beta_i686_Live
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.783:10): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.783:11): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.784:12): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file

3/ /etc/mtab after several attempts

idefix 56> cat /etc/mtab
/dev/mapper/vg_idefix-lv_root / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw 0 0
/dev/sda1 /boot ext3 rw 0 0
tmpfs /dev/shm tmpfs rw,rootcontext="system_u:object_r:tmpfs_t:s0" 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
/tmp /tmp none rw,bind 0 0
/var/tmp /var/tmp none rw,bind 0 0
/home/xguest /home/xguest none rw,bind 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0
gvfs-fuse-daemon /home/pfps/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user=pfps 0 0
/dev/sr0 /media/F11-Beta-i686-Live iso9660 ro,nosuid,nodev,uhelper=devkit,uid=1316,gid=1316,iocharset=utf8,mode=0400,dmode=0500 0 0
/dev/sr0 /media/F11-Beta-i686-Live iso9660 ro,nosuid,nodev,uhelper=devkit,uid=1316,gid=1316,iocharset=utf8,mode=0400,dmode=0500 0 0
/dev/sr0 /media/F11-Beta-i686-Live iso9660 ro,nosuid,nodev,uhelper=devkit,uid=1316,gid=1316,iocharset=utf8,mode=0400,dmode=0500 0 0

Comment 1 David Zeuthen 2009-05-04 11:06:22 EDT
Seems like a SELinux issue to me.

Comment 2 Daniel Walsh 2009-05-04 12:06:50 EDT
The problem seems to be /etc/mtab having the wrong context?

restorecon /etc/mtab 

Should fix the problem.

Did you use a tool like system-config-network?

Comment 3 Daniel Walsh 2009-05-04 12:08:37 EDT
Some app caused the /etc/mtab file to have the wrong label. Since it ended up with a label of net_conf_t I would figure the problem is caused by a network configuration app: system-config-network, NetworkManager or dhclient.

Comment 4 Peter F. Patel-Schneider 2009-05-04 13:01:46 EDT
Yes, this appears to be the problem.

I expect that my fiddling around with udev scripts for hotswapping was the culprit.  I expect that this bug can be closed.

One question, however: what context should a udev script have?

Sorry for the probably false alarm.

Comment 5 Peter F. Patel-Schneider 2009-05-04 13:13:51 EDT
Hmm.  It appears that scripts run from udev somehow set net_conf_t context.  Is this expected?

Comment 6 Daniel Walsh 2009-05-04 13:18:51 EDT
udev has a transition rule

sysnet_etc_filetrans_config(udev_t)

Which says any file created in etc_t will be labeled net_conf_t.  But for some
reason udev created a new /etc/mtab which caused the problem.

bin_t labels for udev scripts are fine. Was the udev script executing mount? 
or some file system command that caused the /etc/mtab file to get changed?

Comment 7 Peter F. Patel-Schneider 2009-05-04 13:43:40 EDT
Yes the script was unmounting file systems.

The script is my attempt to handle bay removal for an UltraBay hard drive holder in response to a pre-eject udev event.  It unmounts the file systems for the disk in the bay before the bay is physically removed.  (There may be a better way of doing this, but I don't know of one.)

Comment 8 Daniel Walsh 2009-05-04 14:17:04 EDT
Well, I should probably have a transition from udev_t to mount_t when running mount/umount which would handle this situation.

optional_policy(`
	mount_domtrans(udev_t)
')

Since hotplug had similar policy this would make sense.

Fixed in selinux-policy-3.6.12-27.fc11.noarch
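
Added example, not part of the bug report or of any comment above: a small triage script that parses the AVC denials quoted in the description, collapses the repeats, and flags a target whose SELinux type differs from the type expected for that file name, which is the check that led to the diagnosis in this thread. The `EXPECTED_TYPE` table, its `etc_runtime_t` value and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# /var/log/messages excerpt copied verbatim from the report above.
SAMPLE_LOG = """\
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.763:9): avc:  denied  { unlink } for  pid=4380 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix gnome-keyring-daemon[2022]: removing removable location: volume_label_F11_Beta_i686_Live
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.783:10): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.783:11): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May  4 10:43:19 idefix kernel: type=1400 audit(1241448199.784:12): avc:  denied  { unlink } for  pid=4382 comm="umount" name="mtab" dev=dm-0 ino=10752 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=file
"""

# Assumption (not on the page): expected type per file name; verify with `matchpathcon /etc/mtab`.
EXPECTED_TYPE = {"mtab": "etc_runtime_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text, expected=EXPECTED_TYPE):
    """Collapse repeated denials and flag targets whose type differs from expected."""
    groups = Counter()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        for perm in rec["perms"]:
            groups[(rec["stype"], rec["ttype"], rec.get("tclass", ""), perm, rec.get("name", ""))] += 1
    findings = []
    for (stype, ttype, tclass, perm, name), count in sorted(groups.items()):
        want = expected.get(name)
        findings.append({"source": stype, "target": ttype, "tclass": tclass, "perm": perm,
                         "name": name, "count": count, "expected": want,
                         "mislabeled": want is not None and want != ttype})
    return findings

if __name__ == "__main__":
    for finding in summarize(SAMPLE_LOG):
        print(finding)
```

A denial flagged as mislabeled points at relabeling the file (the `restorecon /etc/mtab` from Comment 2) rather than at granting `mount_t` access to `net_conf_t` files.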
