[redhat-lspp] Re: Re: mount problems with latest refresh
Klaus Heinrich Kiwi
klausk at br.ibm.com
Thu Dec 14 13:17:00 UTC 2006
On Thu, 14 Dec 2006 07:49:20 -0500, Stephen Smalley wrote:
> On Thu, 2006-12-14 at 09:49 -0200, Klaus Heinrich Kiwi wrote:
>> On Wed, 13 Dec 2006 18:17:02 -0500, Daniel J Walsh wrote:
>>
>> > Any avc messages?
>>
>> None!
>>
>> Only this error message (which also is echoed at the machine's console):
>>
>> SELinux:
>> security_context_to_sid("system_u:object_r:tmp_t:s0-s15:c0.c1023") failed
>> for (dev hdc, type iso9660) errno=-22
>>
>> (error -22 = EINVAL iirc)
>>
>> Any special audit rule that may help?
>
> It isn't a permission denial, just an invalid context error from
> security_context_to_sid(). If you try using the same context in e.g. a
> chcon command, does it also report Invalid argument? If so, then it is
> a policy problem - the context is illegal under the policy, e.g. one of
> the components isn't defined by the policy or the combination of them is
> not authorized by the policy.

That's what I initially thought: I'm just using an invalid context (if
this was/is the case, the error message could be a little more helpful
then, couldn't it?)

I have tried several different contexts since then, without success.

And about the test with chcon: yes, the same context that I can
successfully label a directory with is failing when I try to use it with mount:
---------------------------
[root at beta2_20061201 mnt]# chcon system_u:object_r:tmp_t:SystemLow-SystemHigh cdrom/
[root at beta2_20061201 mnt]# echo $?; ls -lZd cdrom/
0
drwxr-xr-x root root system_u:object_r:tmp_t:SystemLow-SystemHigh cdrom/
[root at beta2_20061201 mnt]# mount -o context=system_u:object_r:tmp_t:SystemLow-SystemHigh /dev/cdrom /mnt/cdrom/
mount: block device /dev/cdrom is write-protected, mounting read-only
SELinux: security_context_to_sid("system_u:object_r:tmp_t:s0-s15:c0.c1023") failed for (dev hdc, type iso9660) errno=-22
mount: wrong fs type, bad option, bad superblock on /dev/cdrom,
missing codepage or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
[root at beta2_20061201 mnt]#
--------------------------

Also tried mount with 'fscontext', with the same results.

Should I open a bug report for this? (Seems like a ship issue to me.)

--Klaus
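
Added example, not part of the original message: a small Python parser for the kernel line quoted in this thread. It decodes the errno and splits the context into its fields. The MLS range (here `s0-s15:c0.c1023`) itself contains a `:`, so a naive split on every colon mis-parses it. The helper names are hypothetical; the sample text is copied from the mail above.

```python
import errno
import re

# Message layout as quoted in the mail above; helper names are hypothetical.
MSG_RE = re.compile(
    r'SELinux: security_context_to_sid\("(?P<context>[^"]*)"\) failed '
    r'for \(dev (?P<dev>[^,]+), type (?P<fstype>[^)]+)\) errno=(?P<errno>-?\d+)'
)

def split_context(context):
    """Split user:role:type[:range]; the MLS range may itself contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    user, role, type_ = parts[:3]
    mls_range = parts[3] if len(parts) == 4 else None
    return {"user": user, "role": role, "type": type_, "range": mls_range}

def split_range(mls_range):
    """Split 'low-high' into levels; each level is sensitivity[:categories]."""
    levels = []
    for level in mls_range.split("-", 1):
        sens, _, cats = level.partition(":")
        levels.append({"sensitivity": sens, "categories": cats or None})
    return levels

def parse_failure(text):
    """Parse one (possibly line-wrapped) failure message; None if no match."""
    m = MSG_RE.search(" ".join(text.split()))  # undo mail/console line wrapping
    if m is None:
        return None
    fields = split_context(m.group("context"))
    code = abs(int(m.group("errno")))  # the kernel logs errno as a negative value
    return {
        "dev": m.group("dev"),
        "fstype": m.group("fstype"),
        "errno": errno.errorcode.get(code, str(code)),
        "context": fields,
        "levels": split_range(fields["range"]) if fields["range"] else [],
    }

# Wrapped the way the message appears in the quoted part of the mail.
SAMPLE = '''SELinux:
security_context_to_sid("system_u:object_r:tmp_t:s0-s15:c0.c1023") failed
for (dev hdc, type iso9660) errno=-22'''

if __name__ == "__main__":
    print(parse_failure(SAMPLE))
```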