Bug 208604

Summary: security error trying to mount USB flash memory key
Product: [Fedora] Fedora Reporter: Garrett Mitchener <garrett.mitchener>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.3.17-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-03 14:46:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Garrett Mitchener 2006-09-29 16:37:12 UTC 
Description of problem:

I installed updates today of various packages, including
selinux-policy-targeted.noarch 2.3.16-6.  Now when I log in to gnome and plug in
a USB memory key, I get an error in a dialog box:

Cannot mount volume.
Error org.freedesktop.DBus.Error.AccessDenied.

A security policy in place prevents this sender from sending this message to
this recipient, see message bus configuration file (rejected message had
interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name
"(unset)" destination "org.freedesktop.Hal")

I assume this is a glitch in the new targeted policy package.

Steps to Reproduce:
1. log in to gnome
2. put in a usb key
  
Actual results:

error message

Expected results:

The key should be mounted.

Additional info:

I didn't have any problem using this USB key on this machine until after I ran
'yum update' this morning and rebooted.
Comment 1 Daniel Walsh 2006-09-29 17:19:23 UTC 
any avc messages in /var/log/messages or /var/log/audit/audit.log?
Comment 2 Garrett Mitchener 2006-09-29 21:45:28 UTC 
None that I can find.  I restarted my machine after replacing SELINUX=enforcing
with SELINUX=permissive in /etc/selinux/config and the usb key works fine.
Comment 3 Garrett Mitchener 2006-09-29 21:49:19 UTC 
I just realized, there isn't even a /var/log/audit directory on this computer. 
Is there some setting I have to put in somewhere to get it to keep a log?
Comment 4 Daniel Walsh 2006-10-02 17:32:36 UTC 
You can install the audit package and that directory will be created.  But using
dmesg or looking in /var/log/messages, you do not see avc messages?
Comment 5 Garrett Mitchener 2006-10-02 21:14:45 UTC 
Hmm.  I installed audit and reset /etc/selinux/config to enforcing, and
rebooted, and now my USB key works.  This is after running yum update this
afternoon, so maybe one of these new packages fixed it.  I'll just list the ones
that seem relevant:

selinux-policy-targeted.noarch 2.3.17-1
dbus-devel.i386 & x86_64 0.93-3.fc6
Comment 6 Daniel Walsh 2006-10-03 14:46:23 UTC 
So I will close this bug, reopen if it comes back.  You might want to try out
the  setroubleshoot package also.