Hello,

I'm running Fedora Core 5 Server with the unionfs file system to merge some directories and export them through nfs. SELinux is in enforcing mode and the targeted policy is selected. Unionfs is built with extended attributes support (EXTRACFLAGS=-DUNIONFS_XATTR).

When I try to mount the union from a client, I get a permission denied error from the server. The following is in my /var/log/messages on the server:

Nov 1 10:32:43 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
Nov 1 10:32:43 localhost kernel: audit(1162373563.375:109): avc: denied { getattr } for pid=2021 comm="hald" name="/" dev=unionfs ino=744 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Nov 1 10:50:57 localhost kernel: audit(1162374657.604:110): avc: denied { getattr } for pid=1810 comm="rpc.mountd" name="/" dev=unionfs ino=744 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Nov 1 10:50:57 localhost mountd[1810]: authenticated mount request from 192.168.1.13:1011 for /test (/test)
Nov 1 10:50:57 localhost kernel: audit(1162374657.632:111): avc: denied { getattr } for pid=1810 comm="rpc.mountd" name="/" dev=unionfs ino=744 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Nov 1 10:50:57 localhost mountd[1810]: can't stat exported dir /test: Permission denied

For Red Hat Enterprise Linux there is a workaround:

1. Install strict/targeted selinux policy sources
2. Open /etc/selinux/<policy_type>/src/policy/fs_use
3. Append "fs_use_xattr unionfs system_u:object_r:fs_t;"
4. Compile, install, and reload the selinux policy

How can I adapt the workaround to work on Fedora 5, because there are no policy sources available? How can I define "fs_use_xattr unionfs system_u:object_r:fs_t;" on Fedora Core 5?

Thanks!

Andreas Sachs
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
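
As an added example (not part of the original post): a small Python triage script that correlates the kernel's "not configured for labeling" message with later AVC denials against unlabeled_t on the same device, run over log lines taken from the post. The function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: log lines taken from the post above, one entry per line.
SAMPLE_LOG = """\
Nov 1 10:32:43 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
Nov 1 10:32:43 localhost kernel: audit(1162373563.375:109): avc: denied { getattr } for pid=2021 comm="hald" name="/" dev=unionfs ino=744 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Nov 1 10:50:57 localhost kernel: audit(1162374657.604:110): avc: denied { getattr } for pid=1810 comm="rpc.mountd" name="/" dev=unionfs ino=744 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Nov 1 10:50:57 localhost mountd[1810]: can't stat exported dir /test: Permission denied
"""

UNLABELED_FS = re.compile(
    r"SELinux:\s+initialized \(dev (\S+), type (\S+)\), not configured for labeling")
AVC = re.compile(r"avc:\s+denied\s+\{ ([^}]+) \} for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of an AVC denial plus its permission list."""
    m = AVC.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields

def unlabeled_fs_denials(log_text):
    """Group denials on unlabeled_t objects by the (dev, fstype) the kernel
    reported as having no labeling behaviour configured in the policy."""
    fs_types = {}              # dev -> filesystem type from the init message
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = UNLABELED_FS.search(line)
        if m:
            fs_types[m.group(1)] = m.group(2)
            continue
        avc = parse_avc(line)
        if not avc:
            continue
        target_type = avc.get("tcontext", "").split(":")[2:3]
        if target_type == ["unlabeled_t"] and avc.get("dev") in fs_types:
            key = (avc["dev"], fs_types[avc["dev"]])
            domain = avc["scontext"].split(":")[2]
            for perm in avc["perms"]:
                hits[key].add((domain, avc["comm"], perm, avc["tclass"]))
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    for (dev, fstype), rows in unlabeled_fs_denials(SAMPLE_LOG).items():
        print(f"{fstype} on dev={dev} has no labeling rule in the loaded policy:")
        for domain, comm, perm, tclass in rows:
            print(f"  {domain} ({comm}) denied {perm} on {tclass}")
```

Every domain it lists is blocked for the same reason, the filesystem type having no labeling rule in the loaded policy, so the output points at one policy gap rather than a set of per-domain problems.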