Bug 1377113

Summary: [selinux-policy] media inserted into by optical drive do not get auto-mounted
Product: [Fedora] Fedora Reporter: Joachim Frieben <jfrieben>
Component: selinux-policyAssignee: Lukas Vrabec <lvrabec>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: awilliam, bugzilla, cpanceac, dominick.grift, dwalsh, kevin, kparal, lvrabec, mgrepl, phatina, plautrba, pschindl, renault, rh, robatino, satellitgo, stefw, thunderbirdtr, tsmetana
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: AcceptedBlocker
Fixed In Version: selinux-policy-3.13.1-216.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-07 03:35:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1277287, 1277289    
Attachments:
Description Flags
AVCs from the audit.log
none
Some more AVCs none

Description Joachim Frieben 2016-09-18 15:41:34 UTC 
Description of problem:
In current Fedora 25, media inserted into an optical drive do not get auto-mounted nor displayed in nautilus.

Version-Release number of selected component (if applicable):
storaged-2.6.2-2.fc25

How reproducible:
Always 

Steps to Reproduce:
1. Insert media into optical drive.

Actual results:
None

Expected results:
Media gets detected and auto-mounted.

Additional info:
- The optical media is correctly shown by gnome-disks including the volume label.
- The same happens in a virtual Fedora 25 machine: the install media is still present according to gnome-disks but it does not get shown in the GNOME session.
- After reverting the system to Fedora 24, optical media do get detected and auto-mounted as expected.
Comment 1 Joachim Frieben 2016-09-27 07:54:40 UTC 
Blocks bug 1277287: automatic mounting of removable media on insertion must work in release-blocking desktops.
Comment 2 Tomas Smetana 2016-09-27 14:53:21 UTC 
I'll try to reproduce this: the usual suspect is SELinux though...
Comment 3 Joachim Frieben 2016-09-27 19:18:00 UTC 
Issue is absent after booting system in permissive mode.
Comment 4 Adam Williamson 2016-09-28 00:36:51 UTC 
I'm +1 to the issue being a blocker, but didn't we already have a bug filed on the actual SELinux denial that caused this?
Comment 5 Tomas Smetana 2016-09-29 07:08:39 UTC 
(In reply to Adam Williamson from comment #4)
> I'm +1 to the issue being a blocker, but didn't we already have a bug filed
> on the actual SELinux denial that caused this?

Yes, bug #1375156 which was fixed by selinux-policy-3.13.1-214.fc25.

I'm unable to boot the F25 alpha at all (no idea why yet, freezes quite early in the boot process), so Joachim or whoever has F25 running, please make sure you have the updated selinux-policy package installed.
Comment 6 Joachim Frieben 2016-09-29 07:39:33 UTC 
(In reply to Tomas Smetana from comment #5)
1. Issue is still present for selinux-policy-3.13.1-215.fc25.
2. The latest live image of type "Workstation" includes package selinux-policy-3.13.1-214.fc25 and is available at https://dl.fedoraproject.org/pub/fedora/linux/development/25/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-25-20160928.n.0.iso.
However, when booting from the latter in "Boxes" (gnome-boxes), it does of course never appear as a user-mounted media. It is necessary to add an optical image to an -installed- virtual Fedora 25 guest via "Boxes"' menu item "Properties > Devices".
Comment 7 Tomas Smetana 2016-09-29 08:42:24 UTC 
Created attachment 1205878 [details]
AVCs from the audit.log

I have the problem reproduced finally. Attached are the AVCs I grepped from the audit.log. Looks like this time storaged was not involved.
Comment 8 Tomas Smetana 2016-09-29 08:43:59 UTC 
Forgot to mention: reproduced with selinux-policy-3.13.1-215.fc25.noarch.
Comment 9 Tomas Smetana 2016-09-29 08:54:16 UTC 
Created attachment 1205880 [details]
Some more AVCs

...from permissive mode.
Comment 10 Lukas Vrabec 2016-09-29 12:17:17 UTC 
*** Bug 1380190 has been marked as a duplicate of this bug. ***
Comment 11 Lukas Vrabec 2016-09-29 12:21:34 UTC 
Tomas,
Thanks for AVCs. Fixed in our policy repo. Builds will be available ASAP.
Comment 12 Adam Williamson 2016-10-01 02:37:37 UTC 
So, +1 beta blocker from me. -216 does appear to fix this, also.
Comment 13 Dr. David Alan Gilbert 2016-10-01 19:14:45 UTC 
*** Bug 1379053 has been marked as a duplicate of this bug. ***
Comment 14 Kevin Fenzi 2016-10-01 23:39:36 UTC 
+1 beta blocker
Comment 15 Chris Murphy 2016-10-02 19:54:48 UTC 
+1 beta blocker
Comment 16 Petr Schindler 2016-10-03 16:23:20 UTC 
Discussed at 2016-10-03 blocker review meeting: [1]. 

This bug was accepted as Beta blocker: This bug violates Beta criterion "Automatic mounting of removable media on insertion must work in release-blocking desktops."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2016-10-03/
Comment 17 Adam Williamson 2016-10-03 22:31:02 UTC 
I sent https://bodhi.fedoraproject.org/updates/FEDORA-2016-b596fd5579 , I don't know why it didn't edit this update, but this should now be MODIFIED.
Comment 18 Kamil Páral 2016-10-04 12:01:30 UTC 
*** Bug 1380149 has been marked as a duplicate of this bug. ***
Comment 19 Adam Williamson 2016-10-04 14:51:45 UTC 
*** Bug 1381232 has been marked as a duplicate of this bug. ***
Comment 20 Fedora Update System 2016-10-05 01:54:37 UTC 
selinux-policy-3.13.1-216.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b596fd5579
Comment 21 Kamil Páral 2016-10-06 17:12:00 UTC 
This worked for me with Beta 1.1.
Comment 22 Adam Williamson 2016-10-06 18:12:21 UTC 
Verified with Beta-1.1.
Comment 23 Fedora Update System 2016-10-07 03:35:09 UTC 
selinux-policy-3.13.1-216.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.