[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Pam_mount and SELinux

From: Colin Walters <walters redhat com>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Re: Pam_mount and SELinux
Date: Wed, 14 Apr 2004 19:21:38 -0400

On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:

> I added a mounton rule, but this did not solve my problem.  I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error.  This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

There are a few things that SELinux will deny but not generate a log
message for.  is the big one.  That's bitten me in the past.

In your particular case, if pam_mount is being run before su transitions
to the sysadm_r role, then you'll probably get denials from user_r not
being authorized for the mount_t domain.

Solution:

role $1_r types mount_t;

Follow-Ups:
- Re: Pam_mount and SELinux
  - From: Colin Walters
- Re: Pam_mount and SELinux
  - From: W. Michael Petullo

References:
- Pam_mount and SELinux
  - From: W. Michael Petullo
- Re: Pam_mount and SELinux
  - From: Daniel J Walsh
- Re: Pam_mount and SELinux
  - From: W. Michael Petullo

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]