On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:
> I added a mounton rule, but this did not solve my problem. I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error. This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

If you are trying to do this from user_r, then it will fail because the
user_r role is not presently authorized for the mount_t domain. The
preferred approach would be to use the mount_domain() macro to define a
separate user_mount_t domain that is less privileged than the full
mount_t domain, and then authorize user_r for it.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency