Bug 449678

Summary: SELinux prevented umount from mounting on the file or directory
Product: [Fedora] Fedora
Reporter: pigetak178
Component: hal
Assignee: David Zeuthen <davidz>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 9
CC: jkubin, mclasen, pertusus, thras
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-06-04 17:50:21 UTC

Description pigetak178 2008-06-03 01:11:04 UTC
Description of problem:

Inserted thumb drive.  Then unmounted using Gnome right-click menu to "unmount".
SELinux alert box popped up.  Text is:


Summary:

SELinux prevented umount from mounting on the file or directory
"/media/.hal-mtab-lock" (type "mnt_t").

Detailed Description:

SELinux prevented umount from mounting a filesystem on the file or directory
"/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting
of filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "mnt_t" does not have this attribute. You can
either relabel the file or directory or set the boolean "allow_mount_anyfile" to
true to allow mounting on any file or directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

Fix Command:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t:s0
Target Context                system_u:object_r:mnt_t:s0
Target Objects                /media/.hal-mtab-lock [ file ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           util-linux-ng-2.13.1-6.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25.3-18.fc9.i686
                              #1 SMP Tue May 13 05:38:53 EDT 2008 i686 i686
Alert Count                   2
First Seen                    Mon 02 Jun 2008 09:04:06 PM EDT
Last Seen                     Mon 02 Jun 2008 09:05:22 PM EDT
Local ID                      db2b7bc8-f9d8-483d-81fb-211b2aef6c1d
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1212455122.644:57): avc:  denied 
{ read write } for  pid=3475 comm="umount" path="/media/.hal-mtab-lock" dev=dm-0
ino=8314883 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1212455122.644:57):
arch=40000003 syscall=11 success=yes exit=0 a0=804b14d a1=bfb486e0 a2=bfb48c5c
a3=804b14d items=0 ppid=3474 pid=3475 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="umount"
exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)





Version-Release number of selected component (if applicable):

Full fresh install of F9, plus all updates applied as of this date.

How reproducible:

Totally. Every time I insert and then unmount it.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
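
The raw AVC record in the report above can be read directly instead of through the alert summary. The following is an added example, not part of the original report or of setroubleshoot: it parses that record and reports the denied permissions, object class and SELinux types. The function names are hypothetical, and the sample line is the AVC record from this report joined onto one line.

```python
import re

# AVC record copied from the "Raw Audit Messages" section of this report,
# joined onto a single line.
SAMPLE_AVC = (
    'host=localhost.localdomain type=AVC msg=audit(1212455122.644:57): avc:  denied '
    '{ read write } for  pid=3475 comm="umount" path="/media/.hal-mtab-lock" dev=dm-0 '
    'ino=8314883 scontext=system_u:system_r:mount_t:s0 '
    'tcontext=system_u:object_r:mnt_t:s0 tclass=file'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec = {'result': m.group('result'), 'perms': m.group('perms').split()}
    for key in ('comm', 'path', 'tclass'):
        rec[key] = fields.get(key)
    # SELinux contexts are user:role:type[:level]; the type is the third field.
    for key, ctx_field in (('source_type', 'scontext'), ('target_type', 'tcontext')):
        parts = fields.get(ctx_field, '').split(':')
        rec[key] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(rec):
    """Return a one-line description and whether 'mounton' was among the permissions."""
    text = '{comm} ({source_type}) {result} {{ {p} }} on {tclass} {path} ({target_type})'.format(
        p=' '.join(rec['perms']), **rec)
    return text, 'mounton' in rec['perms']


if __name__ == '__main__':
    text, is_mounton = summarize(parse_avc(SAMPLE_AVC))
    print(text)
    print('mounton in denied permissions:', is_mounton)
```

On this record the denied permissions are read and write on an object of class file with type mnt_t; mounton is not among them.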

Comment 1 pigetak178 2008-06-03 01:14:15 UTC
Follow up:

I did try: setsebool -P allow_mount_anyfile=1

But that didn't fix it.  Same error message pops up in the setroubleshooter
browser.

Comment 2 Joel Eidsath 2008-06-04 15:28:34 UTC
I have this problem when I try to umount my 8G Lexar thumbdrive, and so do users
with bug 449873 and bug 449719 apparently.

The problem occurs with both a manual 'umount /media/Lexar' and right-clicking
to umount through Gnome's file browser. 

Judging from the text of the error, SELinux seems to think that umount is trying
to mount a directory on .hal-mtab-lock.

Comment 3 Daniel Walsh 2008-06-04 17:50:21 UTC

*** This bug has been marked as a duplicate of 447195 ***