Louis E Garcia II wrote:
On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote:
Louis E Garcia II wrote:
SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t).
Detailed Description:
SELinux denied access requested by mount. It is not expected that this access is required by mount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:mount_t:s0
Target Context system_u:object_r:unlabeled_t:s0
Target Objects / [ filesystem ]
Source mount
Source Path /bin/mount
Port <Unknown>
Host sonlaptop
Source RPM Packages util-linux-ng-2.13.1-1.fc8
Target RPM Packages filesystem-2.4.11-1.fc8
Policy RPM selinux-policy-3.0.8-87.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name sonlaptop
Platform Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed Mar 12 18:17:20 EDT 2008 i686 i686
Alert Count 2
First Seen Thu 13 Mar 2008 10:33:41 AM EDT
Last Seen Thu 13 Mar 2008 10:33:41 AM EDT
Local ID e4b0a819-9224-4c5c-949d-7e34dce371d2
Line Numbers
Raw Audit Messages
host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc: denied { mount } for pid=3419 comm="mount" name="/" dev=fusectl ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003 syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60 a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
fusectl should be labeled in this release. Not sure why you are seeing this.
I have downgraded to fuse-2.7.0-8 just to test but this release also does not start. I noticed that in this release:
-rwsr-xr-x root fuse system_u:object_r:fusermount_exec_t:s0 /bin/fusermount
as with the updated release fuse-2.7.3-2
-rwsr-xr-x root root system_u:object_r:fusermount_exec_t:s0 /bin/fusermount
I do not remember if the policy also was updated. I changed the group to fuse with no effect.
Am I the only one seeing this?
-Louis
I see it too.