Hi -
We have an ext4 partition (/common_pool) which was accessed by guest_u. Last week, while changing from "Enforcing->Permissive->disabled" to Enforcing again, some auto-relabeling happened during reboot.
After that, guest_u can't access /common_pool. I'm not quite sure what changed in-between. If I disable SELinux (setenforce 0), ls /common_pool works properly from guest_u.
'ls' works in other places like /home/<user> or /tmp /usr /etc, but not on the mounted directory /common_pool.
$ mount
/dev/sda2 on /common_pool type ext4 (rw,noexec,nosuid,nodev,usrjquota=aquota.user,jqfmt=vfsv0,usrjquota=aquota.user,jqfmt=vfsv0)
Here's the log message which appears while running 'ls' command:
type=SYSCALL msg=audit(1383674901.945:516253): arch=40000003 syscall=5 success=no exit=-13 a0=b77c9a18 a1=98800 a2=8063f78 a3=0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.945:516253): cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516253): item=0 name="." inode=2 dev=08:02 mode=042777 ouid=0 ogid=507 rdev=00:00 obj=system_u:object_r:default_t:s0
type=SYSCALL msg=audit(1383674901.945:516254): arch=40000003 syscall=5 success=no exit=-2 a0=b77c9ab0 a1=0 a2=46e3a0 a3=b77c9af0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.945:516254): cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516254): item=0 name="/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516255): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca790 a1=0 a2=46e3a0 a3=b77ca7d0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.946:516255): cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516255): item=0 name="/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516256): arch=40000003 syscall=5 success=no exit=-2 a0=b77c9b18 a1=0 a2=46e3a0 a3=b77c9b50 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.946:516256): cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516256): item=0 name="/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516257): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca700 a1=0 a2=46e3a0 a3=b77ca738 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.946:516257): cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516257): item=0 name="/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.946:516258): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca758 a1=0 a2=46e3a0 a3=b77ca7f8 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.946:516258): cwd="/common_pool"
type=PATH msg=audit(1383674901.946:516258): item=0 name="/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo"
type=SYSCALL msg=audit(1383674901.947:516259): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca968 a1=0 a2=46e3a0 a3=b77ca9a0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516259): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516259): item=0 name="/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516260): arch=40000003 syscall=5 success=no exit=-2 a0=b77caaf0 a1=0 a2=46e3a0 a3=b77cab28 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516260): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516260): item=0 name="/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516261): arch=40000003 syscall=5 success=no exit=-2 a0=b77ca9c8 a1=0 a2=46e3a0 a3=b77ca9f8 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516261): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516261): item=0 name="/usr/share/locale/en_US/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516262): arch=40000003 syscall=5 success=no exit=-2 a0=b77caa68 a1=0 a2=46e3a0 a3=b77caaa0 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516262): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516262): item=0 name="/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516263): arch=40000003 syscall=5 success=no exit=-2 a0=b77cab50 a1=0 a2=46e3a0 a3=b77cab88 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516263): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516263): item=0 name="/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo"
type=SYSCALL msg=audit(1383674901.947:516264): arch=40000003 syscall=5 success=no exit=-2 a0=b77caa18 a1=0 a2=46e3a0 a3=b77caa48 items=1 ppid=2963 pid=3562 auid=13578 uid=13578 gid=13578 euid=13578 suid=13578 fsuid=13578 egid=13578 sgid=13578 fsgid=13578 tty=pts0 ses=55568 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.947:516264): cwd="/common_pool"
type=PATH msg=audit(1383674901.947:516264): item=0 name="/usr/share/locale/en/LC_MESSAGES/libc.mo"
We are still using very very old and outdated Fedora-14. But I guess this problem is not related to using an old version, as it was working a few days back. Thanks for any help.
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
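
Added example, not part of the original post: a short Python triage of the audit records quoted above. It groups SYSCALL/CWD/PATH records by event serial and keeps only events that failed with EACCES (exit=-13), reporting the subject and object SELinux types; the exit=-2 events are ENOENT lookups for locale files. The sample input is constructed by abridging the quoted records, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: two events abridged from the records quoted in the post.
SAMPLE = '''\
type=SYSCALL msg=audit(1383674901.945:516253): arch=40000003 syscall=5 success=no exit=-13 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.945:516253): cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516253): item=0 name="." inode=2 dev=08:02 mode=042777 ouid=0 ogid=507 rdev=00:00 obj=system_u:object_r:default_t:s0
type=SYSCALL msg=audit(1383674901.945:516254): arch=40000003 syscall=5 success=no exit=-2 comm="ls" exe="/bin/ls" subj=guest_u:guest_r:guest_t:s0 key="open2-acl"
type=CWD msg=audit(1383674901.945:516254): cwd="/common_pool"
type=PATH msg=audit(1383674901.945:516254): item=0 name="/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo"
'''

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit serial number: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        events[int(serial)][rtype] = fields
    return dict(events)

def permission_failures(events):
    """Return events whose syscall failed with EACCES (exit=-13), with contexts."""
    out = []
    for serial, recs in sorted(events.items()):
        sc = recs.get("SYSCALL", {})
        if sc.get("exit") != "-13":
            continue  # e.g. exit=-2 (ENOENT) is a missing file, not a denial
        path = recs.get("PATH", {})
        out.append({
            "serial": serial,
            "comm": sc.get("comm"),
            "cwd": recs.get("CWD", {}).get("cwd"),
            "name": path.get("name"),
            "subject_type": sc.get("subj", ":::").split(":")[2],
            "object_type": path.get("obj", ":::").split(":")[2],
        })
    return out

if __name__ == "__main__":
    for hit in permission_failures(parse_events(SAMPLE)):
        print(hit)
```

On the quoted records this isolates event 516253: guest_t opening "." in /common_pool, whose object context carries the type default_t.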