Bug 835793

Summary: Polyinstantiation and Nautilus, no mounted CD and USB
Product: Red Hat Enterprise Linux 6
Reporter: Andrey_Manko <manko8>
Component: pam
Assignee: Tomas Mraz <tmraz>
Status: CLOSED CANTFIX
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Priority: medium
Version: 6.1
CC: mmahudha, rmetrich
Target Milestone: rc
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-04-12 10:59:56 UTC
Type: Bug
Bug Blocks: 782183

Description Andrey_Manko 2012-06-27 06:55:29 UTC
Description of problem:
When I experimented with pam_namespace, I found a bug. I have RHEL 6.1.
I installed SELinux policy-mls and edited the file /etc/security/namespace.conf.
I rebooted the system, logged in as a user, and opened "computer:///" in Nautilus. When I double-click on the CD-ROM icon or USB-flash icon, Nautilus pops up a dialog box that says "Internal error: No mount object for mounted volume".

Version-Release number of selected component (if applicable):

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.1


$ rpm -qa | grep pam
pam_pkcs11-0.6.2-11.1.el6.x86_64
pam-devel-1.1.1-8.el6.x86_64
gnome-keyring-pam-2.28.2-6.el6.x86_64
pam-1.1.1-8.el6.x86_64
spamassassin-3.3.1-2.el6.x86_64
fprintd-pam-0.1-19.git04fd09cfa.el6.x86_64
pam_passwdqc-1.0.5-6.el6.x86_64
pam_krb5-2.3.11-6.el6.x86_64

$ rpm -qa | grep nautilus
nautilus-sendto-2.28.2-3.el6.x86_64
totem-nautilus-2.28.6-2.el6.x86_64
nautilus-2.28.4-15.el6.x86_64
brasero-nautilus-2.28.3-6.el6.x86_64
nautilus-open-terminal-0.17-3.el6.x86_64
nautilus-extensions-2.28.4-15.el6.x86_64

$ rpm -qa | grep mls
selinux-policy-mls-3.7.19-93.el6.noarch


How reproducible:
Always

Steps to Reproduce:
1. yum install selinux-policy-mls-3.7.19-93.el6.noarch.rpm
2. vim /etc/selinux/config

SELINUX=permissive

3. vim /etc/security/namespace.conf

/tmp     /tmp-inst/       	level      root,adm
/var/tmp /var/tmp/tmp-inst/   	level      root,adm
$HOME    $HOME/$USER.inst/      level      root,adm

4.
# mkdir /tmp/tmp-inst 
# mkdir /var/tmp/tmp-inst 
# chown root:root /tmp/tmp-inst /var/tmp/tmp-inst 
# chmod 000 /tmp/tmp-inst /var/tmp/tmp-inst

5. useradd user1
6. passwd user1
7. reboot
8. log in as user1
9. put CD into drive
10. put USB-flash into USB-port
11. open "computer:///" in Nautilus
12. double-click on CD-ROM icon or USB-flash icon


  
Actual results:
Nautilus pops up a dialog box that says "Internal error: No mount object for mounted volume".

Expected results:

Nautilus correctly mounts the CD or USB-Flash at /media/name...
Should display directory


Additional info:

Comment 2 Tomas Mraz 2012-06-27 22:27:32 UTC
You have to make the / mount point rshared. Otherwise the mounts outside the namespace cannot propagate. And once you do it you also have to mark the individual polyinstantiated directories private.

mount --make-rshared /
mount --make-private /tmp
mount --make-private /var/tmp
mount --make-private <home> (for each homedir)

Comment 3 Andrey_Manko 2012-06-28 07:40:22 UTC
Thanks =)

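# Make / shared so mounts made outside the namespace can propagate
mount --make-shared /
# Bind each polyinstantiated directory onto itself so it is a mount point, then mark it private
mount --bind /tmp /tmp
mount --make-private /tmp
mount --bind /var/tmp /var/tmp
mount --make-private /var/tmp
for i in /home/*
do
    mount --bind "$i" "$i"
    mount --make-private "$i"
done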
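
A way to verify the propagation setup described in comments 2 and 3, as an added example that is not part of the original bug report: it reads the optional fields of /proc/self/mountinfo to confirm that / is shared and that each polyinstantiated directory is a private mount point. The function names and the sample mountinfo lines are constructed for illustration; the sample shows /var/tmp bind-mounted but still shared.

```shell
#!/bin/sh
# Constructed sample in /proc/self/mountinfo format (not taken from the bug report):
# / is shared, /tmp is a private bind mount, /var/tmp is a bind mount left shared.
sample_mountinfo() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
30 20 8:2 /tmp /tmp rw,relatime - ext4 /dev/sda2 rw
31 20 8:2 /var/tmp /var/tmp rw,relatime shared:1 - ext4 /dev/sda2 rw
EOF
}

# propagation_of MOUNTPOINT [MOUNTINFO_FILE]
# Prints shared, slave, unbindable, private, or not-a-mountpoint.
# Field 5 is the mount point; optional fields start at field 7 and end at "-".
# Mount points containing spaces (escaped as \040) are not handled.
propagation_of() {
    awk -v mp="$1" '
        $5 == mp {
            state = "private"            # no optional field means private
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) state = "shared"
                else if ($i ~ /^master:/ && state != "shared") state = "slave"
                else if ($i == "unbindable") state = "unbindable"
            }
            found = state                # the last matching line is the topmost mount
        }
        END { print (found == "" ? "not-a-mountpoint" : found) }
    ' "${2:-/proc/self/mountinfo}"
}

# check_polyinst MOUNTINFO_FILE DIR...
# Returns 0 only if / is shared and every DIR is a private mount point.
check_polyinst() {
    info=$1; shift
    rc=0
    [ "$(propagation_of / "$info")" = shared ] || { echo "FAIL: / is not shared"; rc=1; }
    for d in "$@"; do
        s=$(propagation_of "$d" "$info")
        [ "$s" = private ] || { echo "FAIL: $d is $s, expected private"; rc=1; }
    done
    return $rc
}

# Demo on the constructed sample; on a real system pass /proc/self/mountinfo.
tmpf=$(mktemp) && sample_mountinfo > "$tmpf"
check_polyinst "$tmpf" /tmp /var/tmp /home/user1 || echo "propagation check failed"
rm -f "$tmpf"
```
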

Comment 4 RHEL Program Management 2012-12-14 06:57:06 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.