-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Louis E Garcia II wrote: > On Thu, 2008-03-13 at 19:58 -0400, Daniel J Walsh wrote: >> Louis E Garcia II wrote: >>> On Thu, 2008-03-13 at 16:30 -0400, Daniel J Walsh wrote: >>>> Louis E Garcia II wrote: >>>>> SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). >>>>> >>>>> Detailed Description: >>>>> >>>>> SELinux denied access requested by mount. It is not expected that this >>>>> access is >>>>> required by mount and this access may signal an intrusion attempt. It is >>>>> also >>>>> possible that the specific version or configuration of the application >>>>> is >>>>> causing it to require additional access. >>>>> >>>>> Allowing Access: >>>>> >>>>> You can generate a local policy module to allow this access - see FAQ >>>>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can >>>>> disable >>>>> SELinux protection altogether. Disabling SELinux protection is not >>>>> recommended. >>>>> Please file a bug report >>>>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >>>>> against this package. >>>>> >>>>> Additional Information: >>>>> >>>>> Source Context system_u:system_r:mount_t:s0 >>>>> Target Context system_u:object_r:unlabeled_t:s0 >>>>> Target Objects / [ filesystem ] >>>>> Source mount >>>>> Source Path /bin/mount >>>>> Port <Unknown> >>>>> Host sonlaptop >>>>> Source RPM Packages util-linux-ng-2.13.1-1.fc8 >>>>> Target RPM Packages filesystem-2.4.11-1.fc8 >>>>> Policy RPM selinux-policy-3.0.8-87.fc8 >>>>> Selinux Enabled True >>>>> Policy Type targeted >>>>> MLS Enabled True >>>>> Enforcing Mode Enforcing >>>>> Plugin Name catchall >>>>> Host Name sonlaptop >>>>> Platform Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed >>>>> Mar 12 >>>>> 18:17:20 EDT 2008 i686 i686 >>>>> Alert Count 2 >>>>> First Seen Thu 13 Mar 2008 10:33:41 AM EDT >>>>> Last Seen Thu 13 Mar 2008 10:33:41 AM EDT >>>>> Local ID e4b0a819-9224-4c5c-949d-7e34dce371d2 >>>>> Line Numbers >>>>> >>>>> Raw Audit Messages >>>>> >>>>> host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc: denied >>>>> { mount } for pid=3419 comm="mount" name="/" dev=fusectl ino=1 >>>>> scontext=system_u:system_r:mount_t:s0 >>>>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem >>>>> >>>>> host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003 >>>>> syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60 >>>>> a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0 >>>>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount" >>>>> exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null) >>>>> >>>>> >>>>> >>>> fusectl should be labeled in this release. Not sure why you are >>>> seeing this. >>> I have downgraded to fuse-2.7.0-8 just to test but this release also >>> does not start. I noticed that in this release: >>> -rwsr-xr-x root fuse >>> system_u:object_r:fusermount_exec_t:s0 /bin/fusermount >>> >>> as with the updated release fuse-2.7.3-2 >>> -rwsr-xr-x root root >>> system_u:object_r:fusermount_exec_t:s0 /bin/fusermount >>> >>> I do not remember if the policy also was updated. I changed the group to >>> fuse with no effect. >>> >>> I'm the only one seeing this? >>> >>> -Louis >>> >> Looks like the fix was added after selinux-policy-3.0.8-87.fc8 >> >> Please update to the latest policy in Fedora 8. > > selinux-policy-3.0.8-87.fc8 is the current release as of > today. /updates/testing has selinux-policy-3.0.8-93.fc8 which > fixed the problem. > > -Louis > > I release 91 but the fedora infrastructure seems to be bolixed. I will ping them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfadDYACgkQrlYvE4MpobNlLwCdFd4CQV+DykDRZRAbkaigGP7n CpQAoJUS6Ysd+xtknoXgZM0/4FZLGAle =5Sdm -----END PGP SIGNATURE----- -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
