Bug 184315

Summary: hfsplus partitions can't be mounted with selinux enabled
Product: [Fedora] Fedora
Reporter: Dennis Gilmore <dennis>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
CC: nobody+pnasrat
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-06-30 12:49:29 UTC

Description Dennis Gilmore 2006-03-07 22:51:47 UTC
Description of problem: 
Trying to mount an hfsplus partition with SELinux in enabled mode fails.
 
dmesg shows:
hfs: write access to a jounaled filesystem is not supported, use the force option at your own risk, mounting read-only.
SELinux: initialized (dev sdf3, type hfsplus), not configured for labeling
hfs: write access to a jounaled filesystem is not supported, use the force option at your own risk, mounting read-only.
SELinux: initialized (dev sdf3, type hfsplus), not configured for labeling
 
 
That is from trying to mount my iPod on an x86_64 machine. I also got this on
my PowerBook trying to mount the Mac partition to extract wireless firmware.

We should handle the situation, as I'm sure Apple will not add SELinux support
to their filesystem.
 
Version-Release number of selected component (if applicable): 
 
 
How reproducible: 
always 
 
Steps to Reproduce: 
1. mount hfsplus partition 
   
Actual results: 
not mounted 
 
Expected results: 
mounted 
 
Additional info:

Comment 1 Paul Nasrat 2006-03-07 23:32:47 UTC
The same applies to hfs. Attempting to mount hfs and then hfsplus partitions:

type=AVC msg=audit(1141774478.209:206): avc:  denied  { mount } for  pid=13971
comm="mount" name="/" dev=sda2 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774478.209:206): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=13971
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774478.209:206):  cwd="/root"
type=PATH msg=audit(1141774478.209:206): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774478.209:206): item=1 flags=1  inode=861 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:02
type=AVC msg=audit(1141774621.173:214): avc:  denied  { mount } for  pid=14004
comm="mount" name="/" dev=sda4 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774621.173:214): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=14004
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774621.173:214):  cwd="/root"
type=PATH msg=audit(1141774621.173:214): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774621.173:214): item=1 flags=1  inode=849 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:04
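
Added example (not part of the original report or of any commenter's post): a Python sketch that groups audit records like those in Comment 1 by event serial and reports `mount` denials against an `unlabeled_t` filesystem, which is what a filesystem type with no labeling rule in policy produces. The sample input is constructed from the records above (wrapped lines joined, SYSCALL fields trimmed) plus one made-up unrelated denial; the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: events 206 and 214 are taken from Comment 1 (lines joined,
# SYSCALL fields trimmed); event 300 is a made-up unrelated denial.
SAMPLE = """\
type=AVC msg=audit(1141774478.209:206): avc:  denied  { mount } for  pid=13971 comm="mount" name="/" dev=sda2 ino=2 scontext=root:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774478.209:206): arch=14 syscall=21 success=yes exit=-13 items=2 pid=13971 comm="mount" exe="/bin/mount"
type=AVC msg=audit(1141774621.173:214): avc:  denied  { mount } for  pid=14004 comm="mount" name="/" dev=sda4 ino=2 scontext=root:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774621.173:214): arch=14 syscall=21 success=yes exit=-13 items=2 pid=14004 comm="mount" exe="/bin/mount"
type=AVC msg=audit(1141774700.000:300): avc:  denied  { read } for  pid=14100 comm="cat" name="example" dev=dm-0 ino=12345 scontext=root:system_r:example_t:s0 tcontext=system_u:object_r:example_file_t:s0 tclass=file
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")


def group_by_event(text):
    """Group audit records by serial number; records of one event share it."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _timestamp, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        perms = PERMS.search(rest)
        fields["perms"] = perms.group(1).split() if perms else []
        fields["denied"] = " denied " in rest
        events[int(serial)].append((rtype, fields))
    return events


def unlabeled_mount_denials(text):
    """Return mount denials whose target filesystem has type unlabeled_t."""
    hits = []
    for serial, records in sorted(group_by_event(text).items()):
        avc = next((f for t, f in records if t == "AVC"), None)
        sysc = next((f for t, f in records if t == "SYSCALL"), {})
        if not avc or not avc["denied"] or "mount" not in avc["perms"]:
            continue
        target = avc.get("tcontext", "").split(":")[2:3]
        if avc.get("tclass") != "filesystem" or target != ["unlabeled_t"]:
            continue
        source = avc.get("scontext", "").split(":")[2:3]
        hits.append({"serial": serial, "dev": avc.get("dev"),
                     "source": source[0] if source else None,
                     # exit=-13 in the SYSCALL record is -EACCES
                     "exit": int(sysc["exit"]) if "exit" in sysc else None})
    return hits
```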


Comment 2 Daniel Walsh 2006-03-08 16:51:30 UTC
I set up a mapping between hfsplus and nfs_t so that it can be used.  I am not
sure how we should label it but this should get it working.

selinux-policy-2.2.23-7

Comment 3 Dennis Gilmore 2006-03-09 19:18:42 UTC
Works with selinux-policy-2.2.23-11, which was released to rawhide this morning.

Comment 4 Dennis Gilmore 2006-06-29 03:11:54 UTC
Should this now be closed?