selinux not allowing fuse to mount with todays f8 updates

Daniel J Walsh dwalsh at redhat.com
Fri Mar 14 12:53:16 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brian Chadwick wrote:
> Louis E Garcia II wrote:
>> SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by mount. It is not expected that this
>> access is
>> required by mount and this access may signal an intrusion attempt. It is
>> also
>> possible that the specific version or configuration of the application
>> is
>> causing it to require additional access.
>>
>> Allowing Access:
>>
>> You can generate a local policy module to allow this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
>> disable
>> SELinux protection altogether. Disabling SELinux protection is not
>> recommended.
>> Please file a bug report
>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context                system_u:system_r:mount_t:s0
>> Target Context                system_u:object_r:unlabeled_t:s0
>> Target Objects                / [ filesystem ]
>> Source                        mount
>> Source Path                   /bin/mount
>> Port                          <Unknown>
>> Host                          sonlaptop
>> Source RPM Packages           util-linux-ng-2.13.1-1.fc8
>> Target RPM Packages           filesystem-2.4.11-1.fc8
>> Policy RPM                    selinux-policy-3.0.8-87.fc8
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall
>> Host Name                     sonlaptop
>> Platform                      Linux sonlaptop 2.6.24.3-34.fc8 #1 SMP Wed
>> Mar 12
>>                               18:17:20 EDT 2008 i686 i686
>> Alert Count                   2
>> First Seen                    Thu 13 Mar 2008 10:33:41 AM EDT
>> Last Seen                     Thu 13 Mar 2008 10:33:41 AM EDT
>> Local ID                      e4b0a819-9224-4c5c-949d-7e34dce371d2
>> Line Numbers                 
>> Raw Audit Messages           
>> host=sonlaptop type=AVC msg=audit(1205418821.88:27): avc:  denied
>> { mount } for  pid=3419 comm="mount" name="/" dev=fusectl ino=1
>> scontext=system_u:system_r:mount_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
>>
>> host=sonlaptop type=SYSCALL msg=audit(1205418821.88:27): arch=40000003
>> syscall=21 success=no exit=-13 a0=b8803458 a1=b8804c90 a2=b8803f60
>> a3=c0ed0001 items=0 ppid=3407 pid=3419 auid=500 uid=0 gid=0 euid=0
>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 comm="mount"
>> exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
>>
>>
>>
>>
>>   
> 
> i have the same effect here after the latest fuse update.
> 
I marked selinux-policy-3.0.8-93.fc8 as stable, it should be out soon,
you can download it from Fedora-testing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfadTwACgkQrlYvE4MpobNSigCfWxW/eHzPSuUCzMfmAu0cAJtS
hfIAoJymF1CN0PHoVk8FsQB6h7YU/GU/
=6DkH
-----END PGP SIGNATURE-----

More information about the fedora-list mailing list