Bug 462042
Summary: | AVC denied for Podsleuth when inserting iPod | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | David Nielsen <gnomeuser> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 11 | CC: | jpeeler+redhat, poelstra |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-11-18 13:09:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 438943 |
Description
David Nielsen
2008-09-12 06:48:54 UTC
Fixed in selinux-policy-3.5.8-6.fc10 You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp I'm having the exact same problem on F10, although the audit message is slightly different: node=jbp.localdomain type=AVC msg=audit(1228577703.977:160): avc: denied { mount } for pid=8426 comm="mono" name="/" dev=sdb2 ino=2 scontext=system_u:system_r:podsleuth_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=filesystem node=jbp.localdomain type=SYSCALL msg=audit(1228577703.977:160): arch=c000003e syscall=165 success=no exit=-13 a0=7fa8a0138e60 a1=7fa8a014c2d0 a2=7fa8a01479a0 a3=1 items=0 ppid=8423 pid=8426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:podsleuth_t:s0 key=(null) Source RPM Packages mono-core-2.0.1-12.fc10 Target RPM Packages filesystem-2.4.19-1.fc10 Policy RPM selinux-policy-3.5.13-26.fc10 podsleuth-0.6.3-1.fc10.x86_64 Why is podsleuth trying to mount an nfs file system? No idea, iPods should be vfat Ok It looks like we label hfs file systems as nfs_t, which some ipods use, so I guess we need to allow this. You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.5.13-34.fc10 This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle. Changing version to '11'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |