Re: vmware beta....needs mount/unmount?

Tom London wrote:
Running latest rawhide, targeted/enforcing.

I'm testing the latest vmware beta (6?).

Seems to want to mount on /proc/fs/vmware-block/mountPoint:
   none on /proc/fs/vmware-block/mountPoint type vmware-block (rw)

This produces the following AVC during boot:

type=AVC msg=audit(1167500297.368:6): avc:  denied  { mount } for
pid=2225 comm="mount" name="/" dev=vmware-block ino=1
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167500297.368:6): arch=40000003 syscall=21
success=yes exit=0 a0=937cdd8 a1=937ce00 a2=937cde8 a3=c0ed0000
items=0 ppid=2212 pid=2225 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mount" exe="/bin/mount"
subj=system_u:system_r:mount_t:s0 key=(null)

I believe this is the associated AVC from 'unmount' during shutdown:

type=AVC msg=audit(1167502331.621:34): avc:  denied  { unmount } for
pid=4269 comm="umount" scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167502331.621:34): arch=40000003 syscall=22
success=yes exit=0 a0=9f20120 a1=bffc51f0 a2=9f20148 a3=9f20121
items=0 ppid=4268 pid=4269 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="umount"
exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)

This appears to be the script from /etc/init.d/vmware:

# Start the file system blocking driver
vmware_start_vmblock() {
  mkdir -p /tmp/VMwareDnD && chmod 777 /tmp/VMwareDnD
  vmware_exec 'Loading module' vmware_load_module $vmblock
  exitcode=`expr $exitcode + $?`
  mount -t vmware-block none /proc/fs/vmware-block/mountPoint
}

# Stop the file system blocking driver
vmware_stop_vmblock() {
  umount /proc/fs/vmware-block/mountPoint
  vmware_unload_module $vmblock
}

Right way to fix?

tom

This looks like we need a genfscon for a vmware-block type file system.

Perhaps adding these lines, and then some interface to allow vmware to access the filesystem, would work?

#
# vmwarefs_t is the type for vmware
# filesystems and their files.
#
type vmwarefs_t;
fs_noxattr_type(vmwarefs_t)
allow vmwarefs_t fs_t:filesystem associate;
genfscon vmware-block / gen_context(system_u:object_r:vmwarefs_t,s0)


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
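
The check behind the reply above, as an added example that is not part of the original thread: it pairs each AVC record with the SYSCALL record sharing its audit event id and reports filesystem-class denials whose target is unlabeled_t, the sign that a filesystem type has no genfscon entry. The function names are hypothetical; in the mount record here, dev= matches the type passed to mount -t.

```python
import re

# Audit records from the post above, each rejoined onto one line (the
# archive wrapped them); SYSCALL records trimmed to the fields used here.
SAMPLE_LOG = """\
type=AVC msg=audit(1167500297.368:6): avc:  denied  { mount } for pid=2225 comm="mount" name="/" dev=vmware-block ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167500297.368:6): arch=40000003 syscall=21 success=yes exit=0 comm="mount" exe="/bin/mount"
type=AVC msg=audit(1167502331.621:34): avc:  denied  { unmount } for pid=4269 comm="umount" scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1167502331.621:34): arch=40000003 syscall=22 success=yes exit=0 comm="umount" exe="/bin/umount"
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(log):
    """Group audit records by their msg=audit(time:serial) event id."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            p = PERMS.search(line)
            fields["perms"] = p.group(1).split() if p else []
        events.setdefault(event_id, {})[rtype] = fields
    return events


def unlabeled_fs_denials(log):
    """Return filesystem-class denials whose target type is unlabeled_t."""
    findings = []
    for event_id, recs in parse_events(log).items():
        avc = recs.get("AVC", {})
        target_type = avc.get("tcontext", ":::").split(":")[2]
        if avc.get("tclass") != "filesystem" or target_type != "unlabeled_t":
            continue
        findings.append({
            "event": event_id,
            "perms": avc["perms"],
            "source_type": avc.get("scontext", ":::").split(":")[2],
            "fstype": avc.get("dev"),  # absent on the unmount record
            "syscall_success": recs.get("SYSCALL", {}).get("success"),
        })
    return findings
```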
