Re: mount ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



1. 'mount | cat' indeed works.
2. 'mount' from normal user also works.
3.  patch applied and works!

Thanks!
   tom


On Thu, 16 Sep 2004 13:51:32 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
> 
> Tom London wrote:
> 
> > Running strict/enforcing, with latest from Dan's tree.
> >
> > The 'mount' command produces no output when run in enforcing mode.
> > Works fine in permissive mode.
> >
> > No AVCs produced.....
> >
> > tom
> >
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> Try this.
> 
> diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te
> policy-1.17.17/domains/program/mount.te
> --- nsapolicy/domains/program/mount.te  2004-09-14 09:18:10.000000000 -0400
> +++ policy-1.17.17/domains/program/mount.te     2004-09-16
> 13:50:45.899174425 -0400
> @@ -93,7 +93,8 @@
>  allow mount_t file_type:filesystem { unmount mount relabelto };
> 
>  allow mount_t mnt_t:dir { getattr };
> -dontaudit mount_t { userdomain kernel_t}:fd use;
> +allow mount_t { userdomain }:fd use;
> +dontaudit mount_t { kernel_t}:fd use;
>  can_exec(mount_t, { sbin_t bin_t })
>  allow mount_t device_t:dir r_dir_perms;
>  ifdef(`distro_redhat', `
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 



-- 
Tom London

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux