Re: Questions about /net and /proc: msg#00069

James Z. Li wrote:

In the shell script, namely redhat-install.sh
...
REDHAT_AREA=/net/redhat;
SERVER=abc.foo.edu;
if [ ! -d ${REDHAT_AREA}/bin ]; then
   mkdir -p ${REDHAT_AREA}/bin;
fi
echo "Copying some files from server"
scp -r ${SERVER}:${REDHAT_AREA}/bin/ ${REDHAT_AREA}
...

I labeled the redhat-install.sh script as file_t and shell_exec_t,
but they both did not work. There is no security context for /net

and /net is empty on my machine, so when I run this script, theerror messages are:

mkdir: cannot create directory `/net/redhat': Permission denied
Copying some files from server
/net/redhat: Permission denied

I think this is a DAC error. /net is controled by the automounter.If you

setenforce 0
mkdir /net/redhat
mkdir: cannot create directory `/net/redhat': Permission denied

So I think you either need to turn off automounter or use a differentdirectory.

There is no AVC messages in either /var/log/messages or/var/log/audit/audit.log. There are these lines in /var/log/messages:

Aug 15 16:51:17 ko automount[3254]: >> /usr/sbin/showmount: can't get
address for redhat
Aug 15 16:51:17 ko automount[3254]: lookup(program): lookup for redhat failed
Aug 15 16:51:17 ko automount[3254]: failed to mount /net/redhat

Thanks a lot,

James

On 8/15/05, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

James Z. Li wrote:

Hi all,

I have several root shell scripts which need create directories
under /net or /proc. They are running well under Fedora Core 2.
After I upgrate to FC4 with targeted SELinux policy, those
scripts are not running under either enforcing or permissive mode.
Error messages like Unable to create directories under /net or /proc.
I used "ls -Z" to check security contexts for /net and /proc,
they both have empty security labels.
As a root (root:system_r:unconfined_t), I cannot manually create
anything under those two directories.

What should I do in order to make /net and /proc writtable?

Thanks,

James

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

Could you supply the avc messages from /var/log/audit/audit.log or
/var/log/messages.

--

--

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton
Next by Date:	Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Daniel J Walsh
Previous by Thread:	Re: Questions about /net and /proc, James Z. Li
Next by Thread:	... is not a valid context, Todd Merritt
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Joe Orton

Next by Date:

Re: [Bug 164992] New: Mod_proxy does not work with SElinux default policy, Daniel J Walsh

Previous by Thread:

Re: Questions about /net and /proc, James Z. Li

Next by Thread:

... is not a valid context, Todd Merritt

Indexes:

[Date] [Thread] [Top] [All Lists]

Free Magazines

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe