LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-26-2007, 08:49 AM   #1
louisb
Member
 
Registered: Aug 2003
Posts: 132

Rep: Reputation: 15
SELinux Message when trying automount/autofs


I'm trying to perform an automount for the very first time on a Red Hat Linux Enterprise 5 workstation. I've modified the "auto.master" and restarted "autofs". When I attempt to peform a cd on the automounted device I get the following message:

SummarySELinux is preventing /usr/sbin/automount (automount_t) "mounton" access to /home/users (user_home_dir_t).Detailed DescriptionSELinux denied access requested by /usr/sbin/automount. It is not expected that this access is required by /usr/sbin/automount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Please file a bug report against this package.Allowing AccessSometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /home/users, restorecon -v /home/users. There is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ - or you can disable SELinux protection entirely for the application. Disabling SELinux protection is not recommended. Please file a bug report against this package. Changing the "automount_disable_trans" boolean to true will disable SELinux protection this application: "setsebool -P automount_disable_trans=1."The following command will allow this access:setsebool -P automount_disable_trans=1Additional InformationSource Context: root:system_r:automount_tTarget Context: rootbject_r:user_home_dir_tTarget Objects: /home/users [ dir ]Affected RPM Packages: autofs-5.0.1-0.rc2.42 [application]Policy RPM: selinux-policy-2.4.6-30.el5Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.disable_transHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686

Alert Count: 1Line Numbers: Raw Audit Messages :avc: denied { mounton } for comm="automount" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/automount" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="users" path="/home/users" pid=4713 scontext=root:system_r:automount_t:s0 sgid=0 subj=root:system_r:automount_t:s0 suid=0 tclass=dir tcontext=rootbject_r:user_home_dir_t:s0 tty=(none) uid=0

Can anyone tell me what is happing here? I did execute the suggest command to disable SELinux however, I'm not comfortable with it because I'd like to have as much security as possible. Since I do travel and I'm learning Linux for the first time.

Thank
 
Old 07-28-2007, 05:27 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,558
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
I did execute the suggest command to disable SELinux
You mean the automount_disable_trans boolean? Or all of SELinux? Next to that it says "Instead, you can generate a local policy module to allow this access", so check out 'audit2allow'. Since you use FC5 you need to install the selinux-policy-$POLICYTYPE-sources, run "cat /var/log/messages | audit2allow > /etc/selinux/$POLICYTYPE/src/policy/domains/misc/custom.te then "make -C /etc/selinux/$POLICYTYPE/src/policy load". That should work.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 04:36 AM
app causing selinux audit message dansawyer Linux - Security 1 01-21-2007 12:44 PM
Autofs and automount socks Linux - Software 0 07-20-2004 01:28 PM
samba & autofs (automount) acb67 Linux - Networking 4 06-10-2004 11:57 AM
Setting up automount with autofs smattbac Slackware 0 10-12-2003 09:51 AM


All times are GMT -5. The time now is 12:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration