On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:
> I added a mounton rule, but this did not solve my problem. I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error. This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

There are a few things that SELinux will deny but not generate a log
message for. is the big one. That's bitten me in the past.

In your particular case, if pam_mount is being run before su transitions
to the sysadm_r role, then you'll probably get denials from user_r not
being authorized for the mount_t domain.

Solution:

    role $1_r types mount_t;
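
The role/type authorization described in the reply above can be modelled offline. This is an added example, not part of the original message and not SELinux code: it parses `role ... types ...;` statements from a constructed policy fragment and checks whether a role may enter `mount_t`, before and after the suggested rule. The sample policy, the `user_u` identity and all function names are assumptions made for illustration.

```python
import re

# Constructed policy fragment (not from the original post): user_r is
# authorized for user_t only, while sysadm_r already has mount_t.
SAMPLE_POLICY = """
role user_r types user_t;
role sysadm_r types { sysadm_t mount_t };
"""

# Matches `role R types T;` and `role R types { T1 T2 };`
ROLE_RE = re.compile(r"role\s+(\w+)\s+types\s+(\{[^}]*\}|\w+)\s*;")

def parse_role_types(policy_text):
    """Map each role to the set of types it is authorized for."""
    table = {}
    for role, types in ROLE_RE.findall(policy_text):
        table.setdefault(role, set()).update(types.strip("{} ").split())
    return table

def expand_macro(rule, role_prefix):
    """Substitute the m4 positional parameter $1, as in `role $1_r types mount_t;`."""
    return rule.replace("$1", role_prefix)

def check_transition(table, context, new_type):
    """Return (ok, reason) for entering new_type while keeping the role in context.

    Simplified model: only the role/type association is checked; allow rules
    and type_transition rules are assumed to be in place already.
    """
    user, role, _old_type = context.split(":")
    if new_type in table.get(role, set()):
        return True, f"{user}:{role}:{new_type} is a valid context"
    return False, f"role {role} is not authorized for type {new_type}"

if __name__ == "__main__":
    before = parse_role_types(SAMPLE_POLICY)
    # pam_mount running while the session is still in user_r
    print(check_transition(before, "user_u:user_r:user_t", "mount_t"))
    # Same check once su has moved the session to sysadm_r
    print(check_transition(before, "user_u:sysadm_r:sysadm_t", "mount_t"))
    # Apply the rule from the reply, expanded for the `user` prefix
    fixed = SAMPLE_POLICY + expand_macro("role $1_r types mount_t;", "user")
    after = parse_role_types(fixed)
    print(check_transition(after, "user_u:user_r:user_t", "mount_t"))
```
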