Bug 135334 - Can't write to usb keys/floppy/firewire devices
Can't write to usb keys/floppy/firewire devices
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-11 21:06 EDT by Giovanni Glass
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-18 16:24:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Giovanni Glass 2004-10-11 21:06:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041008
Firefox/0.10.1

Description of problem:
I put a USB stick (256MB USB2 Sandisk) and firewire
iPOD and tried to edit text files. Nautilus says I
don't have permissions to edit files, nor can I create
any files on the disks.

Working folder:
/media/usbdisk/unix_help

Editing a text file from double-clicking a text file
in Nautilus brings up gEdit. I make a change and try
to save, it gives a permissions error. I chmod 777 *
on the text files and the command executes but the
permissions of the text files dont reflect the change.
I check dmesg and I get this error:

audit(1097420510.446:0): avc:  denied  { associate }
for  pid=4607 exe=/usr/bin/gedit
name=.gedit-save-dRYCB1
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem

I try to create a new "empty file" in nautilus and
again I get permission denied. dmesg reports this:

audit(1097421666.756:0): avc:  denied  { associate }
for  pid=4539 exe=/usr/bin/nautilus
name=.vfs-write.tmp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem

Attempting to copy an existing file and pasting to the
same folder gives a permissions error and dmesg
reports:

audit(1097421730.569:0): avc:  denied  { associate }
for  pid=4539 exe=/usr/bin/nautilus
name=.vfs-write.tmp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem

However, editing a text file from the command line
using vim, the kernel does allow the file to save my
edits. But there is still errors in dmesg:

audit(1097421875.980:0): avc:  denied  { associate }
for  pid=4721 exe=/usr/bin/vim
name=.cheat_sheet.txt.swp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem
audit(1097421875.980:0): avc:  denied  { associate }
for  pid=4721 exe=/usr/bin/vim
name=.cheat_sheet.txt.swp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem
audit(1097421883.100:0): avc:  denied  { associate }
for  pid=4721 exe=/usr/bin/vim name=4913
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem
audit(1097421883.100:0): avc:  denied  { associate }
for  pid=4721 exe=/usr/bin/vim name=cheat_sheet.txt~
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t
tclass=filesystem

Attempting to edit a text file on a floppy gives this:

SELinux: initialized (dev fd0, type vfat), uses genfs_contexts
audit(1097542494.684:0): avc:  denied  { associate } for  pid=8393
exe=/usr/bin/vim name=.readme.txt.swp
scontext=root:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem
audit(1097542494.684:0): avc:  denied  { associate } for  pid=8393
exe=/usr/bin/vim name=.readme.txt.swp
scontext=root:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem
audit(1097542499.205:0): avc:  denied  { associate } for  pid=8393
exe=/usr/bin/vim name=4913 scontext=root:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem
audit(1097542499.205:0): avc:  denied  { associate } for  pid=8393
exe=/usr/bin/vim name=readme.txt~ scontext=root:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem
audit(1097542510.677:0): avc:  denied  { associate } for  pid=4821
exe=/usr/bin/nautilus name=.vfs-write.tmp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem


Switching to root user and editing the files has no
effect. Are these due to permissions not being set
correctly in SELinux? How do I fix this so I can
save/edit/copy/create files on removable storage?

Joe

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Mount an removable storage device.
2. Edit a text file using gedit or vim. Or create a new file. Or copy
an existing file to the same device.
3. Attempt to save.
    

Actual Results:  Can't write files to removable storage (floppy, ipod,
usb key) regardless of being user or root. Nautilus states there is a per

Expected Results:  Saving files on removable storage should not give
permission errors or give alerts in dmesg output.

Additional info:

Example error message from gedit attempting to save to floppy (write
protect tab is not set on floppy, and there is sufficient space):
Error while copying to "/media/floppy".
You do not have permissions to write to this folder.
Comment 1 Daniel Walsh 2004-10-18 16:24:23 EDT
There was an error in policy that is fixed in policy-1.17.30 and newer.

Note You need to log in before you can comment on or make changes to this bug.