atom feed4 messages in com.redhat.nahant-beta-listRe: selinux - errors
FromSent OnAttachments
chinni vOct 19, 2004 10:53 pm 
Shaw, MarcoOct 20, 2004 4:38 am 
Stephen SmalleyOct 20, 2004 4:52 am 
chinni vOct 20, 2004 7:39 am 
Subject:Re: selinux - errors
From:Stephen Smalley (sd@epoch.ncsc.mil)
Date:Oct 20, 2004 4:52:14 am
List:com.redhat.nahant-beta-list

On Wed, 2004-10-20 at 01:53, chinni v wrote:

If this is not the right place to discuss selinux related errors in beta1, please point me to the right one.

I'm observing this in /var/log/messages when trying an mv command *ONLY ON* NAS storage and not on any ordinary other NFS mount -

Oct 18 13:50:29 cacafonix kernel: audit(1098132629.254:0): avc: denied { associate } for pid=3931 exe=/bin/mv name=createts.sh scontext=user_u:object_r:file_t tcontext=system_u:object_r:nfs_t tclass=filesystem

I'm quite new to selinux as well, could someone let me know what to enable/disable?

The same issue occurred in Fedora Core 3 test2, and was fixed in the policy by test3. Don't know if there are policy updates for Nahant; if not, you could pull in the latest policy from the Fedora Core development tree, or manually add 'allow file_type nfs_t:filesystem associate;' to your /etc/selinux/targeted/src/policy/types/nfs.te file (after installing selinux-policy-targeted-sources and checkpolicy, if not already present), and then do a make load in /etc/selinux/targeted/src/policy. IMHO, proper fix involves a change to mv, but I don't think that has been made yet.