Mounting FC1 cd1 as normal user fails when in enforcing mode, but is
allowed (with audit) when in permissive mode.
Note: I relinked files in a modified way, it is straightforward, but I
apologize if it confuses (/mnt/cdrom1 is not used, but links
to /mnt/cdrw).
/mnt/cdrw: directory
/dev/hdd: block special (22/64)
426829 8 drwxr-xr-x 2 system_u:object_r:mnt_t 0 0 4 Mar 29 17:33 cdrw/
66236 4 brw------- 1 system_u:object_r:fixed_disk_device_t 502 6
22, 64 Feb 23 13:02 hdd
$-> getenforce
enforcing
$-> mount /mnt/cdrw
mount: only root can mount /dev/hdd on /mnt/cdrw
(root runs setenforce 0)
(normal user)
$-> mount /mnt/cdrw
(success mounting)
-- audit generated
Apr 18 18:17:07 CirithUngol kernel: audit(1082326627.383:0): avc:
denied { getattr } for pid=20162 exe=/bin/mount path=/dev/hdd dev=hdb8
ino=66236 scontext=user_u:user_r:user_mount_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
/etc/fstab entry:
/dev/hdd /mnt/cdrw iso9660 noauto,owner,ro 0 0
policy version:
policy-1.11.2-9
(a full relabel was not performed since this policy was updated)
--
Andrew Farris, CPE senior (California Polytechnic State University, SLO)
fedora@xxxxxxxxxxxxxxxx :: lmorgul on irc.freenode.net
"The only thing necessary for the triumph of evil is for good men
to do nothing." (Edmond Burke)
