Ian Kent wrote:
On Mon, 2007-03-26 at 12:05 -0400, Brian Long wrote:
Hello,

Hi Brian,

I'm running RHEL 5 with SELinux in enforcing mode.  I like the new
"setroubleshootd" with the Gnome applet, but I have a question about
automounter and SELinux.  I've gotten tens of alerts saying the
following:

"SELinux is preventing /bin/mount (mount_t) "read write" to
socket:[854495] (automount_t)"

We saw these during the beta.

Dan Walsh advised that they were due to automount having open file
handles upon exec of the external program. He recommended ensuring that
the "close on exec" flag was set for all opens (or socket create) calls
which was done by me and appeared to resolve the issue at the time.

So I'm not sure what is causing this now.
One thing that comes to mind is that there's a finite time between
opening and setting the flag for the file handle which can't be avoided.

Perhaps Dan can give us more information?

As long as the flag is set before the exec there should not be a problem.

I also get similar alerts to /bin/umount.  I'm running the default
policy from Red Hat.  Why would the default policy complain so much
about mount/umount interacting with automount?  Should I use audit2allow
to set up a Type Enforcement file to allow this?

Yes, same as above.

I think we may need a Bugzilla for this.

Ian



_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
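
The close-on-exec handling discussed in this thread, as an added example that is not part of the original messages and is not automount's code: it shows the two-step `fcntl()` form with the window Ian mentions, the atomic `SOCK_CLOEXEC` form (Linux-specific, added in kernel 2.6.27, so later than RHEL 5's kernel), and a check for descriptors an exec'd program such as /bin/mount would inherit. All function names and the 4096 scan bound are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 = fd is open and survives exec, 0 = close-on-exec set, -1 = not open. */
int fd_leaks_on_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : !(flags & FD_CLOEXEC);
}

/* Two-step form: the socket is inheritable between socket() and F_SETFD,
 * so a fork+exec from another thread in that window still leaks it. */
int socket_cloexec_twostep(int domain, int type)
{
    int fd = socket(domain, type, 0);
    if (fd == -1)
        return -1;
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Atomic form: the kernel applies the flag at creation, so no window. */
int socket_cloexec_atomic(int domain, int type)
{
    return socket(domain, type | SOCK_CLOEXEC, 0);
}

/* Audit helper: count descriptors >= first that an exec'd child inherits. */
int count_leaky_fds(int first)
{
    long max = sysconf(_SC_OPEN_MAX);
    int leaks = 0;
    if (max < 0 || max > 4096) max = 4096; /* assumed scan bound */
    for (int fd = first; fd < max; fd++)
        leaks += (fd_leaks_on_exec(fd) == 1);
    return leaks;
}

int main(void)
{
    int fd = socket_cloexec_atomic(AF_UNIX, SOCK_STREAM);
    printf("leaks=%d inheritable=%d\n", fd_leaks_on_exec(fd), count_leaky_fds(3));
}
```

Calling `count_leaky_fds(3)` just before the `exec` of an external helper gives a quick regression check: any non-zero result is a descriptor the child's SELinux domain will be seen holding.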
