-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Louis E Garcia II wrote: > On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote: >> Louis E Garcia II wrote: >>> SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). >>> >>> Detailed Description: >>> >>> SELinux denied access requested by mount. It is not expected that this >>> access is >>> required by mount and this access may signal an intrusion attempt. It is >>> also >>> possible that the specific version or configuration of the application >>> is >>> causing it to require additional access. >>> >>> Allowing Access: >>> >>> You can generate a local policy module to allow this access - see FAQ >>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can >>> disable >>> SELinux protection altogether. Disabling SELinux protection is not >>> recommended. >>> Please file a bug report >>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >>> against this package. >>> >>> Additional Information: >>> >>> Source Context system_u:system_r:mount_t:s0 >>> Target Context system_u:object_r:unlabeled_t:s0 >>> Target Objects / [ filesystem ] >>> Source mount >>> Source Path /bin/mount >>> Port <Unknown> >>> Host sonlaptop >>> Source RPM Packages util-linux-ng-2.13.1-1.fc8 >>> Target RPM Packages filesystem-2.4.11-1.fc8 >>> Policy RPM selinux-policy-3.0.8-87.fc8 >>> Selinux Enabled True >>> Policy Type targeted >>> MLS Enabled True >>> Enforcing Mode Enforcing >>> Plugin Name catchall >>> Host Name sonlaptop >>> Platform Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed >>> Mar 12 >>> 18:17:20 EDT 2008 i686 i686 >>> Alert Count 2 >>> First Seen Thu 13 Mar 2008 10:33:41 AM EDT >>> Last Seen Thu 13 Mar 2008 10:33:41 AM EDT >>> Local ID e4b0a819-9224-4c5c-949d-7e34dce371d2 >>> Line Numbers >>> >>> Raw Audit Messages >>> >>> host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc: denied >>> { mount } for pid=3419 comm="mount" name="/" dev=fusectl ino=1 >>> scontext=system_u:system_r:mount_t:s0 >>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem >>> >>> host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003 >>> syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60 >>> a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0 >>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount" >>> exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null) >>> >>> >>> >> fusectl should be labeled in this release. Not sure why you are >> seeing this. > > I have downgraded to fuse-2.7.0-8 just to test but this release also > does not start. I noticed that in this release: > -rwsr-xr-x root fuse > system_u:object_r:fusermount_exec_t:s0 /bin/fusermount > > as with the updated release fuse-2.7.3-2 > -rwsr-xr-x root root > system_u:object_r:fusermount_exec_t:s0 /bin/fusermount > > I do not remember if the policy also was updated. I changed the group to > fuse with no effect. > > I'm the only one seeing this? > > -Louis > Looks like the fix was added after selinux-policy-3.0.8-87.fc8 Please update to the latest policy in Fedora 8. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfZv6EACgkQrlYvE4MpobP1dwCeMg/iUYRoUTZZeY68vIjz97KU 1PkAn0MV3etjqvDNrBmJ71fD2RAH5ueZ =wnVb -----END PGP SIGNATURE-----
