Bug 498644
Summary: | SELinux prevented mount from mounting on the file or directory "/proc/xen" (type "proc_xen_t"). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jerry Amundson <jamundso> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | dwalsh, eparis, mgrepl, sdsmall |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-05-01 17:59:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jerry Amundson
2009-05-01 16:00:37 UTC
Not sure this makes any sense, so I added SELinux kernel developers to look at it. Assuming that it is normal for userspace to mount something on top of /proc/xen, then this just requires a policy change to allow mounton permission to proc_xen_t:dir. Relabeling /proc/xen via chcon doesn't make sense, but I assume setroubleshoot was just going with the same guidance it would give for a mount on a real filesystem. That is my question, does it make any sense to mount a file system on /proc/xen? Fixed in selinux-policy-3.6.12-27.fc11.noarch I will allow it. Blech. Never mind, this is user error. I was testing ideas on why my dom0 wasn't working - now that go back through the shell history, I see "mount -t xenfs xen /proc/xen" as root. Oops. Sorry for the noise. |