On 05/05/2009 08:17 PM, David wrote:
On Wed, May 6, 2009 at 8:58 AM, Eamon Walsh<ewalsh@xxxxxxxxxxxxx> wrote:
David wrote:
I'm attempting to mount a loop device (a ro file) at boot using fstab.
My fstab entry works fine from the command line, but it fails at boot
time due to a selinux avc error. I assume this is due to incorrect
file context. The file is under a nonstandard top level directory, so
I need to specifically assign it the correct file context, which I
would do if I could figure out what it ought to be.
mount_loopback_t.
Yes this works. Thank you to everyone who replied. Thanks Eamon for
nurturing my understanding of selinux, which is what I hoped for when
posting. I will explore your suggestions.
Actually I did notice "mount_loopback_t" early in my exploration. But
I naively ignored it due to my expectation that "loopback" refers to a
network interface, not a "loop" device as used by mount.
I did not realise how widespread it is to confuse these terms. The
word loopback does not appear in 'man 8 mount'. It really surprises me
that the selinux specification is not more precise on this usage.
Surely "mount_loopback_t" is a mistake, it should be named "mount_loop_t".
Some people are never happy!! ;-)
I will change the label to mount_loop_t in rawhide/F11 policy. And
alias mount_loopback_t to it.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
