Bug 249835
Summary: | fuse-2.7.0-3.fc7 doesn't load ntfs-3g during kernel boot | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Joshua Covington <joshuacov>
Component: | fuse | Assignee: | Tom "spot" Callaway <tcallawa>
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | medium | Priority: | low
Version: | 7 | CC: | landonmkelsey, lemenkov, tcallawa
Hardware: | i686 | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2007-07-30 17:45:33 UTC

Description
Joshua Covington
2007-07-27 12:21:24 UTC

Hmmm. OK, let me look into this.

Not enough info to answer. Do you belong to group "fuse"? You should provide your settings for SELinux (enabled/disabled) too.

I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I don't see any audit denials either. Can you show me what your /etc/fstab looks like?

(In reply to comment #3)
> I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I
> don't see any audit denials either.

I should point out that I couldn't reproduce this with:
- the fresh F-7 install
- just ntfs-3g and ntfsprogs updated
- also fuse updated
- also fuse-libs updated
- all updates applied

I have all updates applied (also the new kernel) and only the fuse and fuse-libs are downgraded to 2.6.5. Everything works fine and selinux is set to enforcing. No denial message. But when I upgrade to 2.7.0 then I have no denial messages from selinux and during boot I've got a failure from "mounting local filesystems". Then the ntfs partition isn't loaded. When I delete the partition entry from the fstab then it works fine. The entry is:

/dev/sda4 /mnt/win_xp/ ntfs-3g rw,defaults,0 0 0 0

Everything else is from the standard fstab and I've got no messages when mounting the partition manually after boot.

I'll test this when I get into the office on Monday, but in the meantime, try altering your fstab entry to:

/dev/sda4 /mnt/win_xp/ ntfs defaults 1 2

Let me know if that one doesn't automount on boot.

*** Bug 249982 has been marked as a duplicate of this bug. ***

I am still using FC6, but the issue is the exact same there. The change to the fstab was applied by me, but it doesn't change anything. After upgrading the fuse-lib it doesn't mount the ntfs partition at boot time. I didn't apply any update to ntfs-3g. SE-Linux is set to enforce. After logging in and switching to root the mount succeeds as it should do.
I also remember this sort of issue (mounting during boot failed with NTFS partitions, while mounting after login succeeds) being discussed with bug #211767 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211767) and #220732 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220732), where the issue was related to some SE_Linux policy. Perhaps a contact to Daniel Walsh (dwalsh) could help to resolve this issue?

A quick way to confirm that this is SELinux would be to set your selinux to "permissive" and reboot (in /etc/sysconfig/selinux).

Created attachment 160192 [details]
assembled policy file which resolved the issue on my machine

I should have mentioned it here, but I tried that before posting my last comment. With selinux in permissive mode the mount works fine during boot. I just attached the policy file I created with the help from http://etbe.blogspot.com/2007/03/creating-new-se-linux-policy-module.html and several reboots. On my machine (AMD64 with FC6_x64) it resolved the issue. As I am not exactly an expert on selinux, the policy should be used with care for other people trying it out, but I guess it is still of use for resolving this issue. Maybe some selinux experts are able to provide qualified feedback on this.

OK, I should be able to figure this out on Monday and get the proper fix in the selinux-policy package, thanks!

Afaik, this was fixed in SELinux last week, quite quickly: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249695

Harald, could you attach the avc messages that you used to generate your policy? I am thinking that most of these are unnecessary, and all you really needed was a mount_domtrans(mount_ntfs_t). Looking at your policy you have the following:

allow mount_ntfs_t mount_exec_t:file execute;
allow mount_ntfs_t mount_exec_t:file execute_no_trans;

which shows mount_ntfs_t execing the mount command, and most of the other rules are handled by the mount domain.
So the question is, did the avc's get generated by the mount command?

*** This bug has been marked as a duplicate of 249695 ***

Here are my ones:

SELinux: initialized (dev sda4, type fuseblk), uses genfs_contexts
audit(1185708851.381:6): avc: denied { mount } for pid=1361 comm="mount.ntfs-3g" name="/" dev=sda4 ino=1 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem
audit(1185708851.381:10): avc: denied { add_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:11): avc: denied { create } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:12): avc: denied { remove_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:13): avc: denied { rmdir } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
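
The question of which command and domain produced the denials can be read off the AVC records by grouping them on source type, target type and object class. The following is an added example, not part of the original thread or of the selinux-policy package: it parses the log lines quoted in the last comment and lists the candidate allow rules with the commands that triggered them. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines as quoted in the last comment of the thread.
SAMPLE = '''\
SELinux: initialized (dev sda4, type fuseblk), uses genfs_contexts
audit(1185708851.381:6): avc: denied { mount } for pid=1361 comm="mount.ntfs-3g" name="/" dev=sda4 ino=1 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem
audit(1185708851.381:10): avc: denied { add_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:11): avc: denied { create } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:12): avc: denied { remove_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:13): avc: denied { rmdir } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    try:
        # A context is user:role:type[:level]; policy rules are written on the type.
        rec['stype'] = rec['scontext'].split(':')[2]
        rec['ttype'] = rec['tcontext'].split(':')[2]
    except IndexError:
        return None  # malformed context, skip rather than guess
    return rec

def summarize(lines):
    """Group denials by (source type, target type, class)."""
    rules, comms = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        key = (rec['stype'], rec['ttype'], rec['tclass'])
        rules[key].update(rec['perms'])
        comms[key].add(rec.get('comm', '?'))
    return rules, comms

def allow_rules(rules):
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == '__main__':
    rules, comms = summarize(SAMPLE.splitlines())
    for rule, key in zip(allow_rules(rules), sorted(rules)):
        print(rule, ' # from', ', '.join(sorted(comms[key])))
```

Both rule groups come from comm="mount.ntfs-3g" running as mount_ntfs_t. Treat the printed rules as review input rather than a module to load as-is: the tmp_t:dir rule applies to every directory labelled tmp_t.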