On Thu, 2006-04-13 at 10:25 -0500, J. K. Cliburn wrote: > On 4/12/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:> On Wed, > 2006-04-12 at 14:43 -0400, Stephen Smalley wrote:> > > And "some > process" can be as simple as umount:> > >> > > # ls -Z /etc/mtab> > > > -rw-r--r-- root root > system_u:object_r:etc_runtime_t /etc/mtab> > > # ls -i /etc/mtab> > > > 31987 /etc/mtab> > > # umount /opt> > > # ls > -Z /etc/mtab> > > -rw-r--r-- root root > user_u:object_r:etc_t /etc/mtab> > > # ls -i /etc/mtab> > > > 33358 /etc/mtab> >> > Hmm...that's interesting. umount should > run in the same domain as> > mount, and they should thus have a type > transition on etc_t:file to> > etc_runtime_t. ls -Z /bin/umount>> > Looks like there is no transition defined into mount_t from> > unconfined_t? So umount and mount are just run in unconfined_t? And> > unconfined_t lacks the type transition? > Sorry to be a pest, but what action do I need to take on my system > toenable correct floppy drive mounting and unmounting? Seems like a policy bug (omission of a transition from unconfined_t to mount_t) to me. Otherwise, /etc/mtab is going to lose its type every time you run mount/umount from the shell. Dan? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
