On Fri, 2008-03-14 at 12:09 +1000, Brian Chadwick wrote: > Louis E Garcia II wrote: > > On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote: > > > >> Louis E Garcia II wrote: > >> > >>> SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). > >>> > >>> Detailed Description: > >>> > >>> SELinux denied access requested by mount. It is not expected that this > >>> access is > >>> required by mount and this access may signal an intrusion attempt. It is > >>> also > >>> possible that the specific version or configuration of the application > >>> is > >>> causing it to require additional access. > >>> > >>> Allowing Access: > >>> > >>> You can generate a local policy module to allow this access - see FAQ > >>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > >>> disable > >>> SELinux protection altogether. Disabling SELinux protection is not > >>> recommended. > >>> Please file a bug report > >>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > >>> against this package. > >>> > >>> Additional Information: > >>> > >>> Source Context system_u:system_r:mount_t:s0 > >>> Target Context system_u:object_r:unlabeled_t:s0 > >>> Target Objects / [ filesystem ] > >>> Source mount > >>> Source Path /bin/mount > >>> Port <Unknown> > >>> Host sonlaptop > >>> Source RPM Packages util-linux-ng-2.13.1-1.fc8 > >>> Target RPM Packages filesystem-2.4.11-1.fc8 > >>> Policy RPM selinux-policy-3.0.8-87.fc8 > >>> Selinux Enabled True > >>> Policy Type targeted > >>> MLS Enabled True > >>> Enforcing Mode Enforcing > >>> Plugin Name catchall > >>> Host Name sonlaptop > >>> Platform Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed > >>> Mar 12 > >>> 18:17:20 EDT 2008 i686 i686 > >>> Alert Count 2 > >>> First Seen Thu 13 Mar 2008 10:33:41 AM EDT > >>> Last Seen Thu 13 Mar 2008 10:33:41 AM EDT > >>> Local ID e4b0a819-9224-4c5c-949d-7e34dce371d2 > >>> Line Numbers > >>> > >>> Raw Audit Messages > >>> > >>> host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc: denied > >>> { mount } for pid=3419 comm="mount" name="/" dev=fusectl ino=1 > >>> scontext=system_u:system_r:mount_t:s0 > >>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem > >>> > >>> host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003 > >>> syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60 > >>> a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0 > >>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount" > >>> exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null) > >>> > >>> > >>> > >>> > >> fusectl should be labeled in this release. Not sure why you are > >> seeing this. > >> > > > > I have downgraded to fuse-2.7.0-8 just to test but this release also > > does not start. I noticed that in this release: > > -rwsr-xr-x root fuse > > system_u:object_r:fusermount_exec_t:s0 /bin/fusermount > > > > as with the updated release fuse-2.7.3-2 > > -rwsr-xr-x root root > > system_u:object_r:fusermount_exec_t:s0 /bin/fusermount > > > > I do not remember if the policy also was updated. I changed the group to > > fuse with no effect. > > > > I'm the only one seeing this? > > > > -Louis > > > > > i see it too > +1
