Bug 156334 - rhgb denied by rhgb_t with mounton to /etc/rhgb/temp
Summary: rhgb denied by rhgb_t with mounton to /etc/rhgb/temp
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
Reported: 2005-04-29 00:11 UTC by Che Gonzalez
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-04-29 17:50:27 UTC


Description Che Gonzalez 2005-04-29 00:11:04 UTC
Description of problem:

At first, I thought of logging this bug in as an selinux bug since testing my
strict policy fails on the line "allow rhgb_t etc_t:dir mounton;".  However
after looking at the log entry below, I wondered if any process, other than some
remote workstation process, should have mounton anywhere near /etc.  

Apr 28 19:32:54 xix kernel: audit(1114716755.277:0): avc:  denied  { mounton }
for  path=/etc/rhgb/temp dev=dm-0 ino=17467378 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:etc_t tclass=dir

Version-Release number of selected component (if applicable):

How reproducible:
On Boot

Steps to Reproduce:
1. Set selinux policy to strict and permissive
2. Reboot
3. See /var/log/messages for avc message of rhgb_t accessing /etc/rhgb/temp
Actual results:
rhgb_t attempts to access /etc/rhgb/temp

Expected results:
rhgb_t should access /tmp/rhgb

Additional info:
maybe a strict policy update is required for rhgb

Comment 1 David Zeuthen 2005-04-29 00:39:17 UTC
Reassigned to selinux-policy-strict.

Comment 2 Daniel Walsh 2005-04-29 17:50:27 UTC
/etc/rhgb/temp is mislabeled.  Should be mnt_t

restorecon -R -v /etc/rhgb
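
Added example (not part of the bug report or of any SELinux tool): a small parser for the AVC denial quoted in the description. It shows the allow rule the reporter considered next to the label check that Comment 2 points to. The function names and the `mnt_t` default are assumptions taken from this thread, and the sample line is the logged denial rejoined onto one line.

```python
import re

# The denial from the bug description, rejoined onto one line.
SAMPLE = ("Apr 28 19:32:54 xix kernel: audit(1114716755.277:0): avc:  denied  "
          "{ mounton } for  path=/etc/rhgb/temp dev=dm-0 ino=17467378 "
          "scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:etc_t "
          "tclass=dir")

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Return the denial's fields as a dict, or None if this is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    d = {k: v.strip('"') for k, v in
         (kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)}
    d["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is what policy rules name.
    for key, out in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = d.get(key, "").split(":")
        d[out] = parts[2] if len(parts) >= 3 else None
    return d


def allow_rule(d):
    """The rule that would silence the denial, in policy syntax."""
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['stype']} {d['ttype']}:{d['tclass']} {perms};"


def triage(line, mountpoint_type="mnt_t"):
    """Flag a mounton denial whose target directory lacks the mount point type.

    Assumption (from Comment 2): the directory should carry mnt_t, so the
    finding proposes a label check instead of the allow rule.
    """
    d = parse_avc(line)
    if d is None or "mounton" not in d["perms"] or d.get("tclass") != "dir":
        return None
    if d["ttype"] == mountpoint_type:
        return None
    return {"path": d.get("path"), "domain": d["stype"], "label": d["ttype"],
            "rule_avoided": allow_rule(d),
            "check": f"restorecon -n -v {d.get('path')}"}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `rule_avoided` value would let `rhgb_t` mount over every directory labeled `etc_t`, while `restorecon -n -v` only reports what relabeling would change, without modifying anything.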
