Description of problem:
Whenever I plug-in a wired ethernet to a system running NetworkManager, I am observing a series of SELinux alerts similar to this:

May 15 05:02:09 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l 5b990766-fdec-44bb-9960-1cb30c15597e
May 15 05:02:10 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l 3f7edc52-ce3e-4681-a8ec-769dfdabff9b
May 15 05:02:11 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l 7b00c48a-9845-4786-aaa2-24f99dab8d44
May 15 05:02:12 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l abab990d-1af2-4c44-9436-ec4e74a14a64
May 15 05:02:12 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l 3f7edc52-ce3e-4681-a8ec-769dfdabff9b
May 15 05:02:13 columbo setroubleshoot: SELinux is preventing mount (mount_t) "read" sysfs_t. For complete SELinux messages. run sealert -l 7b00c48a-9845-4786-aaa2-24f99dab8d44

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-34.fc11.noarch
selinux-policy-3.6.12-34.fc11.noarch

How reproducible:
Always, on one machine. On a second (different) machine with a very similar setup, this doesn't happen.

Steps to Reproduce:
1. Boot machine, login
2. unplug ethernet cable, wait for a couple of minutes
3. plug in ethernet cable

Actual results:
Sealerts pop up.

Expected results:
No alerts.

Additional info:
* All sealerts contain something similar to this, except that individual sealerts refer to other "dm-X" (dm-0 .. dm-3):

...
Raw Audit Messages

node=columbo type=AVC msg=audit(1242356523.274:203): avc: denied { read } for pid=1252 comm="mount" name="dm-3" dev=sysfs ino=7197 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file

node=columbo type=SYSCALL msg=audit(1242356523.274:203): arch=40000003 syscall=5 success=no exit=-13 a0=bf95fa0c a1=98800 a2=8e1100 a3=bf95fa0c items=0 ppid=1230 pid=1252 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
...

Unfortunately this leaves me rather clueless.

* touch .autorelabel + reboot does not help.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
I'm getting the same audit messages with F11.
Output from sealert:

Summary:
SELinux is preventing mount (mount_t) "read" sysfs_t.

Detailed Description:
...

Additional Information:

Source Context                system_u:system_r:mount_t:s0-s0:c0.c1023
Target Context                system_u:object_r:sysfs_t:s0
Target Objects                /sys/block/dm-10 [ lnk_file ]
Source                        mount
Source Path                   /bin/mount
Port                          <Unknown>
Host                          krabat.ahsoftware
Source RPM Packages           util-linux-ng-2.14.2-9.fc11
Target RPM Packages
Policy RPM                    selinux-policy-3.6.12-69.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     krabat.ahsoftware
Platform                      Linux krabat.ahsoftware 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64
Alert Count                   20
First Seen                    Mon Jul 27 11:18:25 2009
Last Seen                     Sat Aug 8 18:21:07 2009
Local ID                      4e8e103c-8546-4172-b63b-bc6efdabb21e
Line Numbers

Raw Audit Messages

node=krabat.ahsoftware type=AVC msg=audit(1249748467.276:116): avc: denied { read } for pid=2958 comm="mount" name="dm-10" dev=sysfs ino=7859 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file

node=krabat.ahsoftware type=SYSCALL msg=audit(1249748467.276:116): arch=c000003e syscall=2 success=no exit=-13 a0=7fff4dd5ae00 a1=90800 a2=7fff4dd5ae17 a3=fffffffb items=0 ppid=2956 pid=2958 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-3.6.26-9.fc12.noarch
Reopening, this bug was filed against FC11. Fixed RAWHIDE is not a solution.
Miroslav, add dev_read_sysfs(mount_t).
Fixed in selinux-policy-3.6.12-75.fc11
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.
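
An added triage example, not part of the original bug report or of the SELinux tooling: it parses the AVC records quoted in this thread and groups them by source type, target type and object class, showing that the alerts for different dm-X links and MLS ranges are all one denial (mount_t reading a sysfs_t lnk_file), the access that dev_read_sysfs(mount_t) was added for. The function names are hypothetical and the SYSCALL record in the sample is shortened.

```python
import re
from collections import defaultdict

# AVC records quoted in this thread (node= prefix dropped; SYSCALL record shortened).
SAMPLE = """\
type=AVC msg=audit(1242356523.274:203): avc: denied { read } for pid=1252 comm="mount" name="dm-3" dev=sysfs ino=7197 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1242356523.274:203): arch=40000003 syscall=5 success=no exit=-13 comm="mount" exe="/bin/mount"
type=AVC msg=audit(1249748467.276:116): avc: denied { read } for pid=2958 comm="mount" name="dm-10" dev=sysfs ino=7859 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=lnk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of user:role:type[:level]; the level may hold colons."""
    return context.split(":")[2]

def parse_avc(line):
    """Parse one audit line; return None for anything that is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    return {"perms": m.group("perms").split(), "name": f.get("name", "?"),
            "source": selinux_type(f["scontext"]),
            "target": selinux_type(f["tcontext"]), "tclass": f["tclass"]}

def summarize(text):
    """Group denials by (source type, target type, class), ignoring MLS level and name."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec["source"], rec["target"], rec["tclass"])]
            g["perms"].update(rec["perms"])
            g["names"].add(rec["name"])
    return dict(groups)

def as_rules(groups):
    """Render each group as the raw allow rule it corresponds to."""
    rules = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = sorted(g["perms"])
        perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm};")
    return rules

if __name__ == "__main__":
    groups = summarize(SAMPLE)
    print(as_rules(groups), {k: sorted(g["names"]) for k, g in groups.items()})
```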