On 10/18/2012 01:08 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
We have been recently seeing some denials related to one of our files I ramfs The audit2allow shows as follows allow mount_t unlabeled_t:filesystem relabelfrom; Our product is based on RHEL6 . We did not see this in the RHEL5 version of our product. Why would there be files of type unlabeled_t on the system with the move to RHEL6?
Note that the class was "filesystem", not "file". So this is a denial upon an attempt to mount a filesystem with a context= or fscontext= mount option. The fact that it was originally unlabeled_t means that the policy had no entry for the filesystem type in its fs_use or genfs_contexts configuration. You should have gotten another message from SELinux (with a SELinux: prefix) when it was first mounted about it not being configured for labeling.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
