On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote: > Louis E Garcia II wrote: > > SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). > > > > Detailed Description: > > > > SELinux denied access requested by mount. It is not expected that this > > access is > > required by mount and this access may signal an intrusion attempt. It is > > also > > possible that the specific version or configuration of the application > > is > > causing it to require additional access. > > > > Allowing Access: > > > > You can generate a local policy module to allow this access - see FAQ > > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > > disable > > SELinux protection altogether. Disabling SELinux protection is not > > recommended. > > Please file a bug report > > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > > against this package. > > > > Additional Information: > > > > Source Context system_u:system_r:mount_t:s0 > > Target Context system_u:object_r:unlabeled_t:s0 > > Target Objects / [ filesystem ] > > Source mount > > Source Path /bin/mount > > Port <Unknown> > > Host sonlaptop > > Source RPM Packages util-linux-ng-2.13.1-1.fc8 > > Target RPM Packages filesystem-2.4.11-1.fc8 > > Policy RPM selinux-policy-3.0.8-87.fc8 > > Selinux Enabled True > > Policy Type targeted > > MLS Enabled True > > Enforcing Mode Enforcing > > Plugin Name catchall > > Host Name sonlaptop > > Platform Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed > > Mar 12 > > 18:17:20 EDT 2008 i686 i686 > > Alert Count 2 > > First Seen Thu 13 Mar 2008 10:33:41 AM EDT > > Last Seen Thu 13 Mar 2008 10:33:41 AM EDT > > Local ID e4b0a819-9224-4c5c-949d-7e34dce371d2 > > Line Numbers > > > > Raw Audit Messages > > > > host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc: denied > > { mount } for pid=3419 comm="mount" name="/" dev=fusectl ino=1 > > scontext=system_u:system_r:mount_t:s0 > > tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem > > > > host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003 > > syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60 > > a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0 > > suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount" > > exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null) > > > > > > > fusectl should be labeled in this release. Not sure why you are > seeing this. I have downgraded to fuse-2.7.0-8 just to test but this release also does not start. I noticed that in this release: -rwsr-xr-x root fuse system_u:object_r:fusermount_exec_t:s0 /bin/fusermount as with the updated release fuse-2.7.3-2 -rwsr-xr-x root root system_u:object_r:fusermount_exec_t:s0 /bin/fusermount I do not remember if the policy also was updated. I changed the group to fuse with no effect. I'm the only one seeing this? -Louis