Bug#652319: selinux-policy-default: avc denial errors /lib/udev/fstab_import on /etc/fstab

Thu, 15 Dec 2011 19:09:20 -0800 

Package: selinux-policy-default
Version: 2:0.2.20100524-7+squeeze1
Severity: low


On bootup I'm getting the following errors:
Dec 15 20:25:43 tx-web01 kernel: [1419609.818930] type=1400 
audit(1323998741.657:3): avc:  denied  { read } for  
pid=245 comm="fstab_import" name="fstab" dev=xvda ino=5548807 
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:file_t:s0 tclass=file
Dec 15 20:25:43 tx-web01 kernel: [1419609.818966] type=1400 
audit(1323998741.657:4): avc:  denied  { open } for  
pid=245 comm="fstab_import" name="fstab" dev=xvda ino=5548807 
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:file_t:s0 tclass=file
Dec 15 20:25:43 tx-web01 kernel: [1419609.819013] type=1400 
audit(1323998741.657:5): avc:  denied  { getattr } for  
pid=245 comm="fstab_import" path="/etc/fstab" dev=xvda ino=5548807 
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:file_t:s0 tclass=file

ls -laZ /lib/udev/fstab_import /bin/mount
-rwsr-xr-x. 1 root root system_u:object_r:mount_exec_t:s0 78616 Jan 25  2011 
/bin/mount
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:s0        22528 Dec 12  2010 
/lib/udev/fstab_import
-rw-r--r--. 1 root root system_u:object_r:file_t:s0         466 Dec 15 20:25 
/etc/fstab

# restorecon /etc/fstab
# ls -laZ /etc/fstab
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 466 Dec 15 20:25 /etc/fstab

After a reboot it appears the label of fstab is reverted. I haven't edited 
/etc/fstab between these two events.

$ ls -laZ /etc/fstab 
-rw-r--r--. 1 root root system_u:object_r:file_t:s0 466 Dec 15 21:21 /etc/fstab
$ sudo restorecon /etc/fstab
$ ls -laZ /etc/fstab 
-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 466 Dec 15 21:21 /etc/fstab


-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules        1.1.1-6.1+squeeze1 Pluggable Authentication Modules f
ii  libselinux1           2.0.96-1           SELinux runtime shared libraries
ii  libsepol1             2.0.41-1           SELinux library for manipulating b
ii  policycoreutils       2.0.82-3           SELinux core policy utilities
ii  python                2.6.6-3+squeeze6   interactive high-level object-orie

Versions of packages selinux-policy-default recommends:
ii  checkpolicy              2.0.22-1        SELinux policy compiler
ii  setools                  3.3.6.ds-7.2+b1 tools for Security Enhanced Linux 

Versions of packages selinux-policy-default suggests:
pn  logcheck                      <none>     (no description available)
pn  syslog-summary                <none>     (no description available)

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to