FC5 ext3 Partition SELinux audits

Paul Howarth paul at city-fan.org
Tue Apr 18 13:08:20 UTC 2006


danielf wrote:
> I just want to mount an ext3 partition w/ my fstab [work], but I get some "Audits" from SELinux:
> audit(1145359952.812:30): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.812:31): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.816:32): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.816:33): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.820:34): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.820:35): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.820:36): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.824:37): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.824:38): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.824:39): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.828:40): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.828:41): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.832:42): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.832:43): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.832:44): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.836:45): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.836:46): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.836:47): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.840:48): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.840:49): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.844:50): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.876:51): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> Last login: Tue Apr 18 13:29:00 on tty2
> 
> my fstab:
> LABEL=/ / ext3 defaults 1 1
> LABEL=/boot1 /boot ext3 defaults 1 2
> devpts /dev/pts devpts gid=5,mode=620 0 0
> tmpf /dev/shm tmpfs defaults 0 0
> proc /proc proc defaults 0 0
> sysfs /sys sysfs defaults 0 0
> LABEL=SWAP-hda5 swap swap defaults 0 0
> LABEL=/mnt /mnt ext3 auto 1 2 <- I've tested w/ 0 0 / 1 1 / 1 2 / 1 4 but nothing works

"1 2" is right.

See if this helps:

# chcon -t mnt_t /mnt

(do this with /mnt unmounted and then again after mounting the partition 
manually)

Paul.
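
An added example, not part of either message above: a small Python parser that collapses the repeated AVC denials quoted in the post into one summary per source/target pair, showing that they are all pam_console_t being refused read/search on the root directory of hda7 while it carries the file_t type that the chcon command relabels. The sample input is constructed from the log format in the post, and the function names are this example's own.

```python
import re

# Constructed sample in the format quoted above, "> " quoting left in place.
SAMPLE = """\
> audit(1145359952.812:30): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.812:31): avc:  denied  { search } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
> audit(1145359952.816:32): avc:  denied  { read } for  pid=2319
> comm="pam_console_app" name="/" dev=hda7 ino=2
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
> tcontext=system_u:object_r:file_t:s0 tclass=dir
"""

AVC_RE = re.compile(r'audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*?)(?=audit\(|\Z)',
                    re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial; records may wrap over several lines."""
    text = re.sub(r'^> ?', '', text, flags=re.M)   # drop e-mail quoting
    records = []
    for m in AVC_RE.finditer(text):
        rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
        rec['serial'] = int(m.group('serial'))
        rec['perms'] = m.group('perms').split()
        records.append(rec)
    return records

def ctx_type(context):
    """SELinux contexts are user:role:type[:range]; return the type."""
    return context.split(':')[2]

def summarize(records):
    """Collapse repeats into one entry per (comm, stype, ttype, class, dev, ino)."""
    groups = {}
    for r in records:
        key = (r['comm'], ctx_type(r['scontext']), ctx_type(r['tcontext']),
               r['tclass'], r['dev'], r['ino'])
        g = groups.setdefault(key, {'perms': set(), 'count': 0})
        g['perms'].update(r['perms'])
        g['count'] += 1
    return groups

if __name__ == '__main__':
    for key, g in summarize(parse_avc(SAMPLE)).items():
        print(key, sorted(g['perms']), g['count'])
```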



