unable to access a mounted partition as guest

"Lakshmipathi.G" <lakshmipathi.g@xxxxxxxxx> · Fri, 8 Nov 2013 21:42:09 +0530

Hi -

We have ext4 partition (/common_pool) which was accessed by guest_u.  Last week, while  changing from  "Enforcing->Permissive->disabled" to Enforcing again. Some auto-rebeling happened during reboot. 

After that, guest_u can't access /common_pool.I'm not quite sure what changed in-between.  If I disable selinux (setenforce 0) ls /common_pool works properly from guest_u.

'ls' works on other places like /home/<user> or /tmp /usr /etc  but not on mounted directory /common_pool

$mount
/dev/sda2 on /common_pool type ext4 (rw,noexec,nosuid,nodev,usrjquota=aquota.user,jqfmt=vfsv0,usrjquota=aquota.user,jqfmt=vfsv0)

Here's the log message which appears while running 'ls' command:

type=SYSCALL msg=audit(1383674901.945:516253): arch=40000003 syscall=5 success=no exit=-13 a0=b77c9a18 a1=98800 a2=8063f78 a3=0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.945:516253):  cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516253): item=0 name="." inode=2 dev=08:02 mode=042777 ouid=0 ogid=507 rdev=00:00 obj=system_u:object_r:default_t:s0

type=SYSCALL msg=audit(1383674901.945:516254): arch=40000003 syscall=5 success=no exit=-2 a0=b77c9ab0 a1=0 a2=46e3a0 a3=b77c9af0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.945:516254):  cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516254): item=0 name="/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo"

type=SYSCALL msg=audit(1383674901.946:516255): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca790 a1=0 a2=46e3a0 a3=b77ca7d0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.946:516255):  cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516255): item=0 name="/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo"

type=SYSCALL msg=audit(1383674901.946:516256): arch=40000003 syscall=5 success=no exit=-2 a0=b77c9b18 a1=0 a2=46e3a0 a3=b77c9b50 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.946:516256):  cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516256): item=0 name="/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516257): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca700 a1=0 a2=46e3a0 a3=b77ca738 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.946:516257):  cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516257): item=0 name="/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516258): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca758 a1=0 a2=46e3a0 a3=b77ca7f8 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.946:516258):  cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516258): item=0 name="/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.947:516259): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca968 a1=0 a2=46e3a0 a3=b77ca9a0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516259):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516259): item=0 name="/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516260): arch=40000003 syscall=5 success=no exit=-2 a0=b77caaf0 a1=0 a2=46e3a0 a3=b77cab28 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516260):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516260): item=0 name="/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516261): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca9c8 a1=0 a2=46e3a0 a3=b77ca9f8 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516261):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516261): item=0 name="/usr/share/locale/en_US/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516262): arch=40000003 syscall=5 success=no exit=-2 a0=b77caa68 a1=0 a2=46e3a0 a3=b77caaa0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516262):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516262): item=0 name="/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516263): arch=40000003 syscall=5 success=no exit=-2 a0=b77cab50 a1=0 a2=46e3a0 a3=b77cab88 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516263):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516263): item=0 name="/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516264): arch=40000003 syscall=5 success=no exit=-2 a0=b77caa18 a1=0 a2=46e3a0 a3=b77caa48 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"

type=CWD msg=audit(1383674901.947:516264):  cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516264): item=0 name="/usr/share/locale/en/LC_MESSAGES/libc.mo"

We are still using very very old and outdated fedora-14. But i guess this problem is not related to using old version as it was working few days back. Thanks for any help. 

-- 
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux