Running latest rawhide, targeted/enforcing.
I'm testing the latest vmware beta (6?).
Seems to want to mount on /proc/fs/vmware-block/mountPoint:
none on /proc/fs/vmware-block/mountPoint type vmware-block (rw)
This produces the following AVC during boot:
type=AVC msg=audit(1167500297.368:6): avc: denied { mount } for
pid=2225 comm="mount" name="/" dev=vmware-block ino=1
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167500297.368:6): arch=40000003 syscall=21
success=yes exit=0 a0=937cdd8 a1=937ce00 a2=937cde8 a3=c0ed0000
items=0 ppid=2212 pid=2225 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mount" exe="/bin/mount"
subj=system_u:system_r:mount_t:s0 key=(null)
I believe this is the associated AVC from 'unmount' during shutdown:
type=AVC msg=audit(1167502331.621:34): avc: denied { unmount } for
pid=4269 comm="umount" scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167502331.621:34): arch=40000003 syscall=22
success=yes exit=0 a0=9f20120 a1=bffc51f0 a2=9f20148 a3=9f20121
items=0 ppid=4268 pid=4269 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="umount"
exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)
This appears to be the script from /etc/init.d/vmware:
# Start the file system blocking driver
vmware_start_vmblock() {
mkdir -p /tmp/VMwareDnD && chmod 777 /tmp/VMwareDnD
vmware_exec 'Loading module' vmware_load_module $vmblock
exitcode=`expr $exitcode + $?`
mount -t vmware-block none /proc/fs/vmware-block/mountPoint
}
# Stop the file system blocking driver
vmware_stop_vmblock() {
umount /proc/fs/vmware-block/mountPoint
vmware_unload_module $vmblock
}
Right way to fix?
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
