1. 'mount | cat' indeed works. 2. 'mount' from normal user also works. 3. patch applied and works! Thanks! tom On Thu, 16 Sep 2004 13:51:32 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > > Tom London wrote: > > > Running strict/enforcing, with latest from Dan's tree. > > > > The 'mount' command produces no output when run in enforcing mode. > > Works fine in permissive mode. > > > > No AVCs produced..... > > > > tom > > > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > http://www.redhat.com/mailman/listinfo/fedora-selinux-list > > Try this. > > diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te > policy-1.17.17/domains/program/mount.te > --- nsapolicy/domains/program/mount.te 2004-09-14 09:18:10.000000000 -0400 > +++ policy-1.17.17/domains/program/mount.te 2004-09-16 > 13:50:45.899174425 -0400 > @@ -93,7 +93,8 @@ > allow mount_t file_type:filesystem { unmount mount relabelto }; > > allow mount_t mnt_t:dir { getattr }; > -dontaudit mount_t { userdomain kernel_t}:fd use; > +allow mount_t { userdomain }:fd use; > +dontaudit mount_t { kernel_t}:fd use; > can_exec(mount_t, { sbin_t bin_t }) > allow mount_t device_t:dir r_dir_perms; > ifdef(`distro_redhat', ` > > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list > -- Tom London
