Bug 506960
| Summary: | mount no longer mounts LUKS encrypted partitions.... | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
| Component: | gnome-disk-utility | Assignee: | Karel Zak <kzak> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | davidz, dwalsh, kzak, maurizio.antillon |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-06-22 21:50:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Tom London
2009-06-19 15:11:42 UTC
I think I "misfiled" this against /sbin/mount. It appears that the "automagic" disk/partition mounting (DeviceKit-disks ?, gnome-disk-utility? gnome-mount? other?) is properly running "cryptsetup" on the partition, since I see a newly created /dev/dm-2: [tbl@tlondon ~]$ ls -l /dev/dm* brw-rw----. 1 root disk 253, 0 2009-06-19 17:54 /dev/dm-0 brw-rw----. 1 root disk 253, 1 2009-06-19 17:54 /dev/dm-1 brw-rw----. 1 root disk 253, 2 2009-06-19 17:57 /dev/dm-2 [tbl@tlondon ~]$ [dm-0 is / and dm-1 is swap, I believe] I can mount /dev/dm-2: [root@tlondon ~]# [root@tlondon ~]# mount /dev/dm-2 /mnt [root@tlondon ~]# [root@tlondon ~]# mount /dev/mapper/vg_tlondon-lv_root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw) /dev/sda2 on /boot type ext3 (rw) tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0") none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) gvfs-fuse-daemon on /home/tbl/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=tbl) /dev/sdb1 on /media/E0FD-1813 type vfat (rw,nosuid,nodev,uhelper=devkit,uid=500,gid=500,shortname=lower,dmask=0077,utf8=1,flush) /dev/dm-2 on /mnt type ext4 (rw) [root@tlondon ~]# So, the crypto is properly working as is gnome-keyring, but the usual "mount" on /media/Backup (Backup is the partition's label) fails. If I run palimpsest before I manually mount, I see no options to mount. I will reassign the BZ to gnome-disk-utility (I'm guessing here, since only it and DeviceKit-disks have been updated recently) and hope for the best. Please reassign if I've guessed wrong (again). Forgot current versions: gnome-disk-utility-0.3-1.fc12.x86_64 DeviceKit-disks-004-3.fc12.x86_64 Updating to
gnome-disk-utility-0.4-1.fc12.x86_64
DeviceKit-disks-005-2.fc12.x86_64
and running in SELinux permissive mode seems to work.
The new code seems to want additional stuff:
module localdevicekit 1.0;
require {
type polkit_t;
type devicekit_disk_t;
class dbus send_msg;
class netlink_kobject_uevent_socket { read bind create setopt getattr };
}
#============= devicekit_disk_t ==============
allow devicekit_disk_t polkit_t:dbus send_msg;
allow devicekit_disk_t self:netlink_kobject_uevent_socket { read bind create setopt getattr };
#============= polkit_t ==============
allow polkit_t devicekit_disk_t:dbus send_msg;
Sorry, fat fingers.... Adding Daniel Walsh for the SELinux bits.... Fixed in selinux-policy-3.6.18-1.fc12 |