Re: selinux not allowing fuse to mount with todays f8 updates

[Brian Chadwick <brianchad@xxxxxxxxxxxxxx>]

Louis E Garcia II wrote:
> SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t).
>
> Detailed Description:
>
> SELinux denied access requested by mount. It is not expected that this
> access is
> required by mount and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application
> is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:mount_t:s0
> Target Context                system_u:object_r:unlabeled_t:s0
> Target Objects                / [ filesystem ]
> Source                        mount
> Source Path                   /bin/mount
> Port                          <Unknown>
> Host                          sonlaptop
> Source RPM Packages           util-linux-ng-2.13.1-1.fc8
> Target RPM Packages           filesystem-2.4.11-1.fc8
> Policy RPM                    selinux-policy-3.0.8-87.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     sonlaptop
> Platform                      Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed
> Mar 12
>                               18:17:20 EDT 2008 i686 i686
> Alert Count                   2
> First Seen                    Thu 13 Mar 2008 10:33:41 AM EDT
> Last Seen                     Thu 13 Mar 2008 10:33:41 AM EDT
> Local ID                      e4b0a819-9224-4c5c-949d-7e34dce371d2
> Line Numbers                  
>
> Raw Audit Messages            
>
> host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc:  denied
> { mount } for  pid=3419 comm="mount" name="/" dev=fusectl ino=1
> scontext=system_u:system_r:mount_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
>
> host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003
> syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60
> a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount"
> exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
>
>
>
>
>   

i have the same effect here after the latest fuse update.