Re: Selinux disallows read-only loop mount of a file, but only at boot [SOLVED]



On 05/05/2009 08:17 PM, David wrote:
> On Wed, May 6, 2009 at 8:58 AM, Eamon Walsh <ewalsh tycho nsa gov> wrote:
>> David wrote:
>>> I'm attempting to mount a loop device (a ro file) at boot using fstab.
>>> My fstab entry works fine from the command line, but it fails at boot
>>> time due to a selinux avc error. I assume this is due to incorrect
>>> file context. The file is under a nonstandard top level directory, so
>>> I need to specifically assign it the correct file context, which I
>>> would do if I could figure out what it ought to be.
>> mount_loopback_t.
>
> Yes this works. Thank you to everyone who replied. Thanks Eamon for
> nurturing my understanding of selinux, which is what I hoped for when
> posting. I will explore your suggestions.
>
> Actually I did notice "mount_loopback_t" early in my exploration. But
> I naively ignored it due to my expectation that "loopback" refers to a
> network interface, not a "loop" device as used by mount.
>
> I did not realise how widespread it is to confuse these terms. The
> word loopback does not appear in 'man 8 mount'. It really surprises me
> that the selinux specification is not more precise on this usage.
>
> Surely "mount_loopback_t" is a mistake, it should be named "mount_loop_t".
>
> Some people are never happy!! ;-)


I will change the label to mount_loop_t in rawhide/F11 policy. And alias mount_loopback_t to it.
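
The fix discussed in this thread, as an added example that is not part of the original messages: a shell function that scans an fstab-format file for file-backed loop mounts and prints the `semanage fcontext` and `restorecon` commands that would label each backing file with the type named above. The function name `loop_label_cmds`, the sample fstab and its paths are constructed for illustration; the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example, not from the thread. Type name as given in the thread;
# change it to mount_loop_t on a policy that carries the rename.
LOOP_TYPE="mount_loopback_t"

# loop_label_cmds FSTAB
# For every entry whose options include "loop" and whose source is a regular
# file path (not a /dev node), print a persistent labeling rule and a relabel.
loop_label_cmds() {
    awk -v t="$LOOP_TYPE" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            n = split($4, opts, ",")
            is_loop = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == "loop" || opts[i] ~ /^loop=/) is_loop = 1
            if (is_loop && $1 ~ /^\// && $1 !~ /^\/dev\//) {
                # semanage takes a regex, so escape dots in the literal path
                re = $1
                gsub(/\./, "\\\\.", re)
                printf "semanage fcontext -a -t %s \"%s\"\n", t, re
                printf "restorecon -v \"%s\"\n", $1
            }
        }' "$1"
}

# Constructed sample input: one loop-mounted image under a nonstandard
# top-level directory, plus two ordinary block-device mounts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed fstab for illustration
/dev/sda1          /           ext3     defaults  1 1
/images/tools.iso  /mnt/tools  iso9660  ro,loop   0 0
/dev/sdb1          /data       ext3     ro        0 0
EOF
loop_label_cmds "$sample"
rm -f "$sample"
```

After running the printed commands as root, `ls -Z` on the backing file shows whether the new type was applied.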

