Hello,
I'm running RHEL 5 with SELinux in enforcing mode.  I like the new
"setroubleshootd" with the Gnome applet, but I have a question about
automounter and SELinux.  I've gotten tens of alerts saying the
following:

"SELinux is preventing /bin/mount (mount_t) "read write" to
socket:[854495] (automount_t)"

I also get similar alerts to /bin/umount.  I'm running the default
policy from Red Hat.  Why would the default policy complain so much
about mount/umount interacting with automount?  Should I use audit2allow
to set up a Type Enforcement file to allow this?

/Brian/
-- 
       Brian Long                             |       |
                                          . | | | . | | | .
                                              '       '
                                              C I S C O

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

I believe this AVC can be ignored. automount is leaking an open file descriptor which the kernel is closing before starting the mount command. The kernel checks its policy to see if mount can read/write the socket owned by automount and then closes it. Automount should have closed the file descriptor on exec. I believe this bug is fixed in the latest code, but has not been backported to RHEL5 yet.
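
The close-on-exec behaviour the reply describes, as an added example that is not part of the original thread or of the automount code: a C program that creates a socket, execs a child program, and checks whether the child inherited the descriptor, with and without FD_CLOEXEC. The function name fd_survives_exec and the use of the test utility with /proc/self/fd (Linux only) are assumptions of this example.

```c
/* Added example (not from the thread): does a parent's socket survive exec? */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the exec'd program still has the socket open, 0 if the
 * kernel closed it at exec time, -1 on error. Linux-only: uses /proc. */
int fd_survives_exec(int set_cloexec)
{
    int sv[2], status, result = -1;
    char path[64];
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    if (set_cloexec) {
        /* The fix: flag the descriptor so exec closes it automatically. */
        int flags = fcntl(sv[0], F_GETFD);
        if (flags < 0 || fcntl(sv[0], F_SETFD, flags | FD_CLOEXEC) < 0)
            goto out;
    }
    /* In the new program, /proc/self/fd/N exists only if fd N was inherited. */
    snprintf(path, sizeof path, "/proc/self/fd/%d", sv[0]);

    pid = fork();
    if (pid < 0)
        goto out;
    if (pid == 0) {
        execlp("test", "test", "-e", path, (char *)NULL);
        _exit(127);                      /* exec itself failed */
    }
    /* test exits 0 if the path exists, 1 if it does not. */
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) <= 1)
        result = (WEXITSTATUS(status) == 0);
out:
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    printf("plain socket inherited:      %d\n", fd_survives_exec(0));
    printf("FD_CLOEXEC socket inherited: %d\n", fd_survives_exec(1));
    return 0;
}
```

Without the flag the exec'd program holds the parent's socket, which is the access SELinux checks against the new domain; with the flag set there is nothing left to check.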

