Can an ISO be specified allow mount "setsebool -P allow_mount_iso=1" insted of "setsebool -P allow_mount_anyfile=1" SE context samba share

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Summary:

SELinux prevented mount from mounting on the file or directory
"./Fedora-9-Everything-i386-DVD1.iso" (type "samba_share_t").

Detailed Description:

SELinux prevented mount from mounting a filesystem on the file or
directory
"./Fedora-9-Everything-i386-DVD1.iso" of type "samba_share_t". By
default
SELinux limits the mounting of filesystems to only some files or
directories
(those with types that have the mountpoint attribute). The type
"samba_share_t"
does not have this attribute. You can either relabel the file or
directory or
set the boolean "allow_mount_anyfile" to true to allow mounting on any
file or
directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this
access:
"setsebool -P allow_mount_anyfile=1."

The following command will allow this access:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t
Target Context                user_u:object_r:samba_share_t
Target Objects                ./Fedora-9-Everything-i386-DVD1.iso
[ file ]
Source                        mount
Source Path                   /bin/mount
Port                          <Unknown>
Host                          server-01
Source RPM Packages           util-linux-2.13-0.47.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     server-01
Platform                      Linux server-01 2.6.18-92.1.6.el5 #1 SMP
Wed Jun
                              25 13:49:24 EDT 2008 i686 athlon
Alert Count                   3
First Seen                    Sun 13 Jul 2008 10:26:26 IST
Last Seen                     Sun 13 Jul 2008 11:07:49 IST
Local ID                      268bdb54-5d8d-4c81-b7ba-0392b5cea34e
Line Numbers                  

Raw Audit Messages            

host=server-01 type=AVC msg=audit(1215943669.186:14): avc:  denied
{ write } for  pid=2898 comm="mount"
name="Fedora-9-Everything-i386-DVD1.iso" dev=md2 ino=8585227
scontext=system_u:system_r:mount_t:s0
tcontext=user_u:object_r:samba_share_t:s0 tclass=file

host=server-01 type=SYSCALL msg=audit(1215943669.186:14): arch=40000003
syscall=5 success=no exit=-13 a0=9fd5450 a1=8002 a2=0 a3=8002 items=0
ppid=2877 pid=2898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount"
exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)




_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux