Re: selinux not allowing fuse to mount with todays f8 updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Louis E Garcia II wrote:
On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote:
Louis E Garcia II wrote:
SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t).

Detailed Description:

SELinux denied access requested by mount. It is not expected that this
access is
required by mount and this access may signal an intrusion attempt. It is
also
possible that the specific version or configuration of the application
is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:mount_t:s0
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                / [ filesystem ]
Source                        mount
Source Path                   /bin/mount
Port                          <Unknown>
Host                          sonlaptop
Source RPM Packages           util-linux-ng-2.13.1-1.fc8
Target RPM Packages           filesystem-2.4.11-1.fc8
Policy RPM                    selinux-policy-3.0.8-87.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     sonlaptop
Platform                      Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed
Mar 12
                              18:17:20 EDT 2008 i686 i686
Alert Count                   2
First Seen                    Thu 13 Mar 2008 10:33:41 AM EDT
Last Seen                     Thu 13 Mar 2008 10:33:41 AM EDT
Local ID                      e4b0a819-9224-4c5c-949d-7e34dce371d2
Line Numbers Raw Audit Messages
host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc:  denied
{ mount } for  pid=3419 comm="mount" name="/" dev=fusectl ino=1
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem

host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003
syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60
a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount"
exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)



fusectl should be labeled in this release.  Not sure why you are
seeing this.

I have downgraded to fuse-2.7.0-8 just to test but this release also
does not start. I noticed that in this release:
-rwsr-xr-x  root fuse
system_u:object_r:fusermount_exec_t:s0 /bin/fusermount

as with the updated release fuse-2.7.3-2
-rwsr-xr-x  root root
system_u:object_r:fusermount_exec_t:s0 /bin/fusermount

I do not remember if the policy also was updated. I changed the group to
fuse with no effect.

I'm the only one seeing this?

-Louis

i see it too


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux