On Mon, 2006-08-07 at 10:06 -0400, Stephen Smalley wrote: > On Sun, 2006-08-06 at 19:26 +0100, Paul Howarth wrote: > > On Sun, 2006-08-06 at 01:38 -0400, D. Hugh Redelmeier wrote: > > > [I sent this to fedora-list@xxxxxxxxxx a couple of minutes ago. I > > > apologize for cross-posting.] > > > > > > I installed 32-bit Fedora Core 5 on an Athlon-64 box. I intended this > > > installation to co-exist with a 64-bit Fedora Core 3 installation. > > > The two installations share a /home ext3 partition and the swap partition. > > > This is often how I do upgrades: a dual boot system with both old and > > > new bootable. > > > > > > The problem is that the FC5 installation did something to > > > the /home partition that prevents the FC3 from mounting it. > > > > > > When I manually try a mount of /home from FC3, the useless > > > mount-failure message is preceded by these messages. I think that > > > they are the key: > > > > > > inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2 > > > inode_doinit_with_dentry: context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2 > > > > > > (In dmesg, these two messages were preceded by these that might be relevant: > > > kjournald starting. Commit interval 5 seconds > > > EXT3 FS on hda5, internal journal > > > EXT3-fs: mounted filesystem with ordered data mode. > > > SELinux: initialized (dev hda5, type ext3), uses xattr > > > ) > > > > > > (The useless mount failure message is: > > > mount: wrong fs type, bad option, bad superblock on /dev/hda5 > > > or too many mounted file systems > > > This message is disgracefully non-specific.) > > > > > > I think that this is a problem with SELinux. The following thread > > > looks relevant but unhelpful: > > > http://www.redhat.com/archives/fedora-selinux-list/2006-April/msg00002.html > > > It provides a solution (I hope) for FC4 but FC3 would not have such an update. > > > > I think you're right; the underlying issue is that FC5 file contexts > > have 4 parts and FC4 and earlier have 3 parts (the extra part being for > > MLS). The fix for FC4 was to apply a patch so that the kernel could deal > > with (though probably not use) the MLS part. With FC3 now supported by > > the Fedora Legacy project, who only usually do updates for security > > issues, I think the chances of this getting fixed by them for FC3 are > > slim to none. > > > > You might be able to find the MLS patch in the FC4 kernel and see if you > > could get it to apply on the FC3 kernel though. > > > > > I tried using enforcing=0 on the FC3 kernel command line, but nothing changed. > > > > > > I thought ext3 was compatible between Fedora releases. Unfortunately, > > > SELinux seems to have made things a lot more brittle. > > > > > > ==> Is there something simple that I can do to allow the existing > > > /home ext3 partition to be shared between FC3 and FC5? > > > > Can't think of any offhand. > > Unfortunately, aside from patching your FC3 kernel and rebuilding it, I > think your only option is to disable SELinux for FC3 altogether, i.e. > boot it with selinux=0 or set SELINUX=disabled in /etc/selinux/config. Note btw that SELinux is broken in FC3 anyway if you ever try using a modern kernel (>= 2.6.14), unless you also update your policy toolchain and policy to something more modern. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
