Re: Questions about /net and /proc

James Z. Li wrote:

In the shell script, namely redhat-install.sh
...
REDHAT_AREA=/net/redhat;
SERVER=abc.foo.edu;
if [ ! -d ${REDHAT_AREA}/bin ]; then
   mkdir -p ${REDHAT_AREA}/bin;
fi
echo "Copying some files from server"
scp -r ${SERVER}:${REDHAT_AREA}/bin/ ${REDHAT_AREA}
...

I labeled the redhat-install.sh script as file_t and shell_exec_t,
but they both did not work. There is no security context for /net
and /net is empty on my machine, so when I run this script, the error messages are:
mkdir: cannot create directory `/net/redhat': Permission denied
Copying some files from server
/net/redhat: Permission denied
I think this is a DAC error. /net is controlled by the automounter. If you
setenforce 0
mkdir /net/redhat
mkdir: cannot create directory `/net/redhat': Permission denied

So I think you either need to turn off automounter or use a different directory.

There are no AVC messages in either /var/log/messages or /var/log/audit/audit.log. There are these lines in /var/log/messages:
Aug 15 16:51:17 ko automount[3254]: >> /usr/sbin/showmount: can't get
address for redhat
Aug 15 16:51:17 ko automount[3254]: lookup(program): lookup for redhat failed
Aug 15 16:51:17 ko automount[3254]: failed to mount /net/redhat

Thanks a lot,

James

On 8/15/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
James Z. Li wrote:

Hi all,

I have several root shell scripts which need to create directories
under /net or /proc. They are running well under Fedora Core 2.
After I upgraded to FC4 with targeted SELinux policy, those
scripts are not running under either enforcing or permissive mode.
Error messages like Unable to create directories under /net or /proc.
I used "ls -Z" to check security contexts for /net and /proc,
they both have empty security labels.
As a root (root:system_r:unconfined_t), I cannot manually create
anything under those two directories.

What should I do in order to make /net and /proc writable?

Thanks,

James

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


Could you supply the avc messages from /var/log/audit/audit.log or
/var/log/messages.
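
Added example, not part of the original thread: a shell check an install script could run before `mkdir`, to detect that a target such as /net/redhat sits under an autofs mount and pick another directory instead. The mount table below is constructed sample data in /proc/mounts format, and the fallback path /opt/redhat is a hypothetical choice.

```bash
#!/bin/bash
# Mount table columns (as in /proc/mounts): device mountpoint fstype options dump pass

# Constructed sample mount table, not taken from the machine in the thread.
sample_mounts() {
cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
none /proc proc rw 0 0
automount(pid3254) /net autofs rw 0 0
/dev/hda5 /data ext3 rw 0 0
EOF
}

# Print the fstype of the mount containing path $1 (longest matching mount point).
# $2 is the mount table to read: a file, "-" for stdin, default /proc/mounts.
# Mount points containing spaces (escaped as \040) are not handled here.
fstype_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            # mp contains p if it is "/", equals p, or p continues with "/" after mp
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= so that a later mount stacked on the same point wins
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { print fs }
    ' "${2:-/proc/mounts}"
}

# Succeed if the automounter (autofs) owns the mount that contains $1.
is_autofs_managed() {
    [ "$(fstype_for_path "$1" "$2")" = "autofs" ]
}

# Print $1 unless autofs manages it, in which case print the fallback $2.
choose_area() {
    if is_autofs_managed "$1" "$3"; then
        echo "$2"
    else
        echo "$1"
    fi
}

# Demo on the constructed table: /net/redhat is under autofs, so the fallback is printed.
sample_mounts | choose_area /net/redhat /opt/redhat -
```

On a live system, omit the last argument so the functions read /proc/mounts.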
