On 10/18/2012 03:36 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
Hi Stephen, In the dmesg output we see the following selinux messages.
<snip>
SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
I assume that dbcfs is the relevant filesystem? So you are using mountpoint labeling, i.e. passing context= to the mount command with a specific security context to use, and the policy doesn't know anything about this filesystem type. So its initial label is unlabeled_t, and by passing a context= option, you are triggering a relabelfrom check to see if the mount program is authorized to set the context. You can just allow it in your policy. Should have been present even in RHEL5, I think.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
