On Sun, 2006-03-26 at 09:48 +0100, Paul Howarth wrote: > The "context" and "fscontext" mount options no longer seem to be > supported by mount in FC5: > > # mount -r -o > loop,fscontext=system_u:object_r:public_content_t /srv/softlib/fedora/bordeaux/FC-5-i386-DVD.iso /srv/softlib/fedora/bordeaux/dvd > mount: wrong fs type, bad option, bad superblock on /dev/loop1, > missing codepage or other error > In some cases useful info is found in syslog - try > dmesg | tail or so > > The same command fails in the same way with "fscontext" changed to > "context", but works if neither of those options is present. This leaves > me with the mounted DVD image having a context of iso9660_t, which is > reasonable but not what I want for serving out a local yum repository. > > So how can I get ISO images mounted with public_content_t in FC5? > > Or am I going to have to create a policy module to allow httpd, ftpd, > samba etc. to read iso9660_t? Error message that I get in /var/log/messages is SELinux: security_context_to_sid(system_u:object_r:public_content_t) failed ... errno=-22 (EINVAL). But if I add a ':s0' suffix to the context, it works. So IIUC the problem here is that mount is directly passing the user-supplied context to the kernel without interacting with libselinux to translate it (via selinux_trans_to_raw_context). Needs to be patched accordingly, and updated in FC5 as well as rawhide. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
