Re: Pam_mount and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:

> I added a mounton rule, but this did not solve my problem.  I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error.  This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

There are a few things that SELinux will deny but not generate a log
message for.  is the big one.  That's bitten me in the past.

In your particular case, if pam_mount is being run before su transitions
to the sysadm_r role, then you'll probably get denials from user_r not
being authorized for the mount_t domain.

Solution:

role $1_r types mount_t;



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux