mount ?

Russell Coker russell at coker.com.au
Thu Sep 23 12:51:32 UTC 2004


On Fri, 17 Sep 2004 03:51, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Tom London wrote:
> > Running strict/enforcing, with latest from Dan's tree.
> >
> > The 'mount' command produces no output when run in enforcing mode.
> > Works fine in permissive mode.
>
> Try this.
>
> diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te
> policy-1.17.17/domains/program/mount.te
> --- nsapolicy/domains/program/mount.te  2004-09-14 09:18:10.000000000 -0400
> +++ policy-1.17.17/domains/program/mount.te     2004-09-16
> 13:50:45.899174425 -0400
> @@ -93,7 +93,8 @@
>  allow mount_t file_type:filesystem { unmount mount relabelto };
>
>  allow mount_t mnt_t:dir { getattr };
> -dontaudit mount_t { userdomain kernel_t}:fd use;
> +allow mount_t { userdomain }:fd use;
> +dontaudit mount_t { kernel_t}:fd use;
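
Review bot: the new `allow mount_t { userdomain }:fd use;` line turns a silenced denial into a grant for every domain carrying the userdomain attribute, and the hunk has no comment saying why mount needs to use descriptors inherited from user domains. Add a comment naming the cause, and put the rule inside a conditional block so it can be dropped once that cause is fixed, rather than leaving it as a permanent part of the mount_t policy. Style: the braces around a single attribute or type are redundant and spaced inconsistently (`{ userdomain }` vs `{ kernel_t}`); `userdomain:fd use` and `kernel_t:fd use` read more cleanly.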

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=132914

This is a bug in su which we have to get fixed.

In the meantime it's best to have ifdef(`distro_redhat' around that as no 
other distribution has this issue.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


