Questions about /net and /proc

Daniel J Walsh dwalsh at redhat.com
Tue Aug 16 17:27:57 UTC 2005


James Z. Li wrote:

>In the shell script, namely redhat-install.sh
>...
>REDHAT_AREA=/net/redhat;
>SERVER=abc.foo.edu;
>if [ ! -d ${REDHAT_AREA}/bin ]; then
>    mkdir -p ${REDHAT_AREA}/bin;
>fi
>echo "Copying some files from server"
>scp -r ${SERVER}:${REDHAT_AREA}/bin/ ${REDHAT_AREA}
>...
>
>I labeled the redhat-install.sh script as file_t and shell_exec_t,
>but they both did not work. There is no security context for /net
>and /net is empty on my machine, so when I run this script, the 
>error messages are:
>mkdir: cannot create directory `/net/redhat': Permission denied
>Copying some files from server
>/net/redhat: Permission denied
>  
>
I think this is a DAC error.  /net is controlled by the automounter. 
If you
setenforce 0
mkdir /net/redhat
mkdir: cannot create directory `/net/redhat': Permission denied

So I think you either need to turn off automounter or use a different 
directory.

>There are no AVC messages in either /var/log/messages or 
>/var/log/audit/audit.log. There are these lines in /var/log/messages:
>Aug 15 16:51:17 ko automount[3254]: >> /usr/sbin/showmount: can't get
>address for redhat
>Aug 15 16:51:17 ko automount[3254]: lookup(program): lookup for redhat failed
>Aug 15 16:51:17 ko automount[3254]: failed to mount /net/redhat
>
>Thanks a lot,
>
>James
>
>On 8/15/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
>  
>
>>James Z. Li wrote:
>>
>>    
>>
>>>Hi all,
>>>
>>>I have several root shell scripts which need to create directories
>>>under /net or /proc. They are running well under Fedora Core 2.
>>>After I upgraded to FC4 with targeted SELinux policy, those
>>>scripts are not running under either enforcing or permissive mode.
>>>Error messages like Unable to create directories under /net or /proc.
>>>I used "ls -Z" to check security contexts for /net and /proc,
>>>they both have empty security labels.
>>>As a root (root:system_r:unconfined_t), I cannot manually create
>>>anything under those two directories.
>>>
>>>What should I do in order to make /net and /proc writable?
>>>
>>>Thanks,
>>>
>>>James
>>>
>>Could you supply the avc messages from /var/log/audit/audit.log or
>>/var/log/messages.
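The reasoning in the reply above (the mkdir still fails after setenforce 0, no AVC messages are logged, and /net belongs to the automounter) can be checked mechanically. The script below is an added example, not part of the original message; the function names, result labels and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed mount table in /proc/mounts format (not from the poster's host).
SAMPLE_MOUNTS='/dev/hda2 / ext3 rw 0 0
none /proc proc rw 0 0
automount(pid3254) /net autofs rw,fd=4,pgrp=3254,minproto=2,maxproto=4 0 0
/dev/hda3 /home ext3 rw 0 0'

# Print the filesystem type of the mount covering path $1.
# The mount table is read from stdin; the longest matching mount point wins.
fstype_for_path() {
    awk -v p="$1" '
        { mp = $2
          covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
          if (covers && length(mp) >= best) { best = length(mp); fs = $3 } }
        END { if (fs == "") exit 1; print fs }'
}

# classify_denial PATH SELINUX_MODE AVC_COUNT   (mount table on stdin)
#   SELINUX_MODE: output of getenforce (Enforcing, Permissive or Disabled)
#   AVC_COUNT:    number of AVC denials logged for PATH
# Live use: classify_denial /net/redhat "$(getenforce)" 0 < /proc/mounts
classify_denial() {
    fs=$(fstype_for_path "$1") || { echo unknown; return 1; }
    case "$fs" in
        autofs) echo automounter; return ;;    # fails in any SELinux mode
        proc)   echo kernel-procfs; return ;;  # entries are created by the kernel only
    esac
    if [ "$2" != Enforcing ]; then
        echo dac                 # SELinux is not blocking: plain Unix permissions
    elif [ "$3" -gt 0 ]; then
        echo selinux             # enforcing, and AVC denials were logged
    else
        echo retest-permissive   # repeat with "setenforce 0", as in the reply
    fi
}
```

For /net/redhat the result is automounter whatever the SELinux mode, which matches the absence of AVC messages and the automount lookup failures in /var/log/messages.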