SELinux enforcing disallows opening floppy drive in Nautilus

Stephen Smalley sds at tycho.nsa.gov
Thu Apr 13 15:52:54 UTC 2006


On Thu, 2006-04-13 at 10:25 -0500, J. K. Cliburn wrote:
> On 4/12/06, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > On Wed, 2006-04-12 at 14:43 -0400, Stephen Smalley wrote:
> > > > And "some process" can be as simple as umount:
> > > >
> > > >    # ls -Z /etc/mtab
> > > >    -rw-r--r--  root     root     system_u:object_r:etc_runtime_t  /etc/mtab
> > > >    # ls -i /etc/mtab
> > > >    31987 /etc/mtab
> > > >    # umount /opt
> > > >    # ls -Z /etc/mtab
> > > >    -rw-r--r--  root     root     user_u:object_r:etc_t            /etc/mtab
> > > >    # ls -i /etc/mtab
> > > >    33358 /etc/mtab
> > >
> > > Hmm...that's interesting.  umount should run in the same domain as
> > > mount, and they should thus have a type transition on etc_t:file to
> > > etc_runtime_t.  ls -Z /bin/umount
> >
> > Looks like there is no transition defined into mount_t from
> > unconfined_t?  So umount and mount are just run in unconfined_t?  And
> > unconfined_t lacks the type transition?
>
> Sorry to be a pest, but what action do I need to take on my system
> to enable correct floppy drive mounting and unmounting?

Seems like a policy bug (omission of a transition from unconfined_t to
mount_t) to me.  Otherwise, /etc/mtab is going to lose its type every
time you run mount/umount from the shell.  Dan?

-- 
Stephen Smalley
National Security Agency
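
Added example, not part of the original message or of the Fedora policy: a small shell check for the label drift shown in the quoted `ls -Z` / `ls -i` output. It extracts the type from the context and uses the inode to tell a re-created file from one relabelled in place; the function names are hypothetical and the sample lines are constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: detect the /etc/mtab label drift described in the thread.

# Print the SELinux type (third part of user:role:type[:level]) found in one
# line of `ls -Z` output. The context is the first whitespace-separated
# field with at least two colons, so an MLS level suffix is handled too.
selinux_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, c, ":") >= 3) { print c[3]; exit }
    }'
}

# check_label EXPECTED_TYPE LS_Z_LINE INODE_BEFORE INODE_AFTER
# Returns 0 when the type matches, 1 when it drifted. A changed inode means
# the file was re-created, so its label came from the creating domain's
# rules (or the parent directory's type) rather than from a relabel.
check_label() {
    got=$(selinux_type "$2")
    if [ "$got" = "$1" ]; then
        echo "ok type=$got"
        return 0
    fi
    if [ "$3" != "$4" ]; then
        echo "drift type=$got expected=$1 cause=recreated"
    else
        echo "drift type=$got expected=$1 cause=relabelled"
    fi
    return 1
}

# Sample input constructed from the output quoted in the thread.
BEFORE='-rw-r--r--  root     root     system_u:object_r:etc_runtime_t  /etc/mtab'
AFTER='-rw-r--r--  root     root     user_u:object_r:etc_t            /etc/mtab'

check_label etc_runtime_t "$BEFORE" 31987 31987
check_label etc_runtime_t "$AFTER" 31987 33358 || true
```

On a live system the same inputs come from `ls -Z /etc/mtab` and `ls -i /etc/mtab` taken before and after the umount.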



