SELinux denying chcon -- OUCH!

A little background -- I have my music collection stored on 5 reiserfs
filesystems, on top of five separate software RAID devices (md4-md8).  I
use httpd to make them available on my *home* network (and if the RIAA
has a problem with that they can kiss my lily-white...sorry).  I
generally mount them as /var/www/html/music/music{0,1,2,3,4}.

Today I rebooted my system (Fedora Core 5, fully updated) and got some
bizarre warnings about being unable to mount a block device read-only.
Sure enough...

audit(1143570731.388:11): avc:  denied  { mounton } for  pid=1703
comm="mount" name="music0" dev=md1 ino=131232
scontext=system_u:system_r:mount_t:s0
tcontext=root:object_r:httpd_sys_content_t:s0 tclass=dir

Hmm, looks like a special context is now needed for mount points.  I can
see why that might be a good idea, so...

chcon system_u:system_r:mount_t /var/www/html/music/*

chcon: failed to change context of /var/www/html/music/music0 to
system_u:system_r:mount_t: Permission denied

type=AVC msg=audit(1143571740.714:59): avc:  denied  { relabelto } for
pid=3036 comm="chcon" name="music0" dev=md1 ino=131232
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
tcontext=system_u:system_r:mount_t:s0 tclass=dir

This is either a learning opportunity for me, or a serious problem.  I
can't wait to find out which.

Thanks!

-- 
========================================================================
Ian Pilcher                                        i.pilcher@xxxxxxxxxxx
========================================================================

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
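
Added example, not part of the original message: a small Python parser for the two AVC denials quoted above, which splits each record into permission, class, and source/target context so the two can be compared. The function names and the two checks in review() are assumptions made for this illustration (file-class objects normally carry the object_r role, and a type seen as a denial's source is being used as a process domain).

```python
import re

# The two denials quoted in the message, re-joined onto single lines.
SAMPLE = [
    'audit(1143570731.388:11): avc:  denied  { mounton } for  pid=1703 comm="mount" '
    'name="music0" dev=md1 ino=131232 scontext=system_u:system_r:mount_t:s0 '
    'tcontext=root:object_r:httpd_sys_content_t:s0 tclass=dir',
    'type=AVC msg=audit(1143571740.714:59): avc:  denied  { relabelto } for pid=3036 '
    'comm="chcon" name="music0" dev=md1 ino=131232 '
    'scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 '
    'tcontext=system_u:system_r:mount_t:s0 tclass=dir',
]
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FILE_CLASSES = {"file", "dir", "lnk_file", "chr_file", "blk_file", "sock_file", "fifo_file"}

def parse_context(ctx):
    """Split user:role:type[:mls-range]; the range may itself contain colons."""
    user, role, typ, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": typ, "level": level[0] if level else None}

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("rest"))
    f = {k: v.strip('"') for k, v in pairs}
    return {"perms": m.group("perms").split(), "comm": f.get("comm"),
            "name": f.get("name"), "tclass": f.get("tclass"),
            "source": parse_context(f["scontext"]),
            "target": parse_context(f["tcontext"])}

def review(records):
    """Heuristic notes on file-class targets (assumptions of this example)."""
    domains = {r["source"]["type"] for r in records}  # types seen acting as subjects
    notes = []
    for r in records:
        if r["tclass"] not in FILE_CLASSES:
            continue
        t = r["target"]
        if t["role"] != "object_r":
            notes.append(f'{r["comm"]}: {r["name"]} target role {t["role"]} is not object_r')
        if t["type"] in domains:
            notes.append(f'{r["comm"]}: target type {t["type"]} is also a process domain here')
    return notes

if __name__ == "__main__":
    recs = [parse_avc(line) for line in SAMPLE]
    for r in recs:
        print(r["comm"], r["perms"], r["source"]["type"], "->", r["target"]["type"], r["tclass"])
    print("\n".join(review(recs)))
```

Run against these two records, only the chcon denial is flagged: its requested target context uses the role and type that the first record shows on the running mount process.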
