Eric Paris wrote:
> On Wed, 2008-07-30 at 12:18 +0100, Paul Howarth wrote:
>> The underlying problem is that "mount", when run confined by SELinux, is
>> only allowed to mount filesystems on mount points that have specific
>> context types, such as mnt_t. If you set up your partitioning at install
>> time, the installer generally sets the context types of the directories
>> to be used as mount points correctly. However, if you change your
>> filesystem arrangement at a later date then the mount point directory
>> you're using will probably have some other context type, such as
>> mail_spool_t in this case, which mount isn't normally allowed to use as
>> a mount point, and you get the AVC denials and failure to mount as a
>> result. The fix is simply to label the mount point directory
>> appropriately for a mount point.
>
> setsebool -P allow_mount_anyfile 1
>
> should let him mount without any labeling changes right? You should be
> able to find this boolean in system-config-selinux and setroubleshoot
> should have suggested toggling this boolean.

Yes, that should work too but would be more permissive than fixing the
mountpoint context.
Paul.
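
One way to go from the AVC denial to the narrower of the two fixes discussed in this thread (relabelling the mount point instead of enabling allow_mount_anyfile). This is an added example, not part of the original messages; the audit lines, the path /var/spool/mail and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The audit records below are constructed
# samples; the path, pid, inode and timestamp values are assumptions.
SAMPLE_AUDIT='type=AVC msg=audit(1217416680.123:42): avc:  denied  { mounton } for  pid=2534 comm="mount" path="/var/spool/mail" dev=dm-0 ino=131073 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=dir
type=AVC msg=audit(1217416700.456:43): avc:  denied  { read } for  pid=2600 comm="httpd" name="index.html" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin and print "PATH TYPE" for every directory on
# which the confined mount command was denied the "mounton" permission.
# Limitation: paths containing spaces are not handled (fields split on blanks).
mounton_denials() {
    awk '
        index($0, "avc:") && index($0, "denied") &&
        index($0, "{ mounton }") && index($0, "comm=\"mount\"") &&
        index($0, "tclass=dir") {
            path = ""; type = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^path=/) {
                    path = $i; sub(/^path=/, "", path); gsub(/"/, "", path)
                }
                # tcontext=user:role:type:level -> the type is the 3rd field
                if ($i ~ /^tcontext=/) { split($i, c, ":"); type = c[3] }
            }
            if (path != "" && type != "") print path, type
        }'
}

# Turn each denial into a relabel of just the mount point directory.
# Run the printed command while nothing is mounted on the directory, so the
# label lands on the mount point itself and not on the mounted filesystem.
suggest_fix() {
    mounton_denials | while read -r path type; do
        if [ "$type" != "mnt_t" ]; then
            printf 'chcon -t mnt_t %s # was %s\n' "$path" "$type"
        fi
    done
}

# Stand-alone run over the constructed sample; on a real system, feed the
# audit log instead (for example: suggest_fix < /var/log/audit/audit.log).
printf '%s\n' "$SAMPLE_AUDIT" | suggest_fix
```

The suggestion is only printed, never executed, so each relabel can be reviewed before it is applied.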