Bug 135442 - Mountpoint is not writable when using fscontext=system_u:object_r:removable_t mount option
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
rawhide
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Reported: 2004-10-12 14:51 EDT by David Zeuthen
Modified: 2013-03-05 22:41 EST
Doc Type: Bug Fix
Last Closed: 2004-10-14 18:35:58 EDT
Description David Zeuthen 2004-10-12 14:51:44 EDT
Description of problem:

When mounting a volume with the
fscontext=system_u:object_r:removable_t mount option it is not
possible to write to it.

Version-Release number of selected component (if applicable):

policycoreutils-1.17.6-1

How reproducible:

Always

Steps to Reproduce:
1. Mount a partition with the given
fscontext=system_u:object_r:removable_t option
2. Attempt to write to the mount point
3. See that it fails

Expected results:

Writing to the mount point should work.

Additional info:

Mounting without that option makes writing work.
Comment 1 David Zeuthen 2004-10-12 14:52:44 EDT
This option is put into /etc/fstab by fstab-sync by default.
Comment 2 Daniel Walsh 2004-10-12 14:54:45 EDT
Are you getting avc messages in the log file?

Do they look like the following?
audit(1097421875.980:0): avc:  denied  { associate } for  pid=4721
exe=/usr/bin/vim name=.cheat_sheet.txt.swp
scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem

I have a fix for this problem that will be in rawhide tomorrow.

Dan
Comment 3 David Zeuthen 2004-10-12 15:05:08 EDT
Yes, this is what I get in my log file:

Oct 12 15:09:39 davidz kernel: audit(1097608179.660:0): avc:  denied 
{ associate } for  pid=27893 exe=/usr/bin/nautilus name=untitled
folder scontext=user_u:object_r:removable_t
tcontext=system_u:object_r:removable_t tclass=filesystem

when using Nautilus.

Thanks,
David
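
Added example (not part of the original bug report and not Red Hat tooling): a small parser for the old-style AVC records quoted in comments 2 and 3, which picks out `{ associate }` denials with `tclass=filesystem` and reports which file label was refused on which filesystem label. The log lines are the ones from this bug rejoined onto single lines, plus one constructed line; the function names are illustrative.

```python
import re

# Old-style (2004) kernel AVC record, as quoted in this bug.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def parse_avc(line):
    """Return a dict for an AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    # Split only in front of 'key=' tokens, so an unquoted value that
    # contains a space (name=untitled folder) stays in one piece.
    for pair in re.split(r"\s+(?=\w+=)", m.group("fields").strip()):
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec

def is_fs_associate_denial(rec):
    """True when a file label was refused association with a filesystem label."""
    return (bool(rec) and rec.get("tclass") == "filesystem"
            and "associate" in rec["perms"])

def summarize(lines):
    """Map (file context, filesystem context) -> set of executables denied."""
    pairs = {}
    for line in lines:
        rec = parse_avc(line)
        if is_fs_associate_denial(rec):
            key = (rec["scontext"], rec["tcontext"])
            pairs.setdefault(key, set()).add(rec.get("exe", "?"))
    return pairs

_CTX = ("scontext=user_u:object_r:removable_t "
        "tcontext=system_u:object_r:removable_t tclass=filesystem")
SAMPLE = [
    "audit(1097421875.980:0): avc:  denied  { associate } for  pid=4721 "
    "exe=/usr/bin/vim name=.cheat_sheet.txt.swp " + _CTX,
    "Oct 12 15:09:39 davidz kernel: audit(1097608179.660:0): avc:  denied  "
    "{ associate } for  pid=27893 exe=/usr/bin/nautilus "
    "name=untitled folder " + _CTX,
    # Constructed line: a denial of a different class, which must be ignored.
    "audit(0.0:0): avc:  denied  { write } for  pid=1 exe=/bin/example "
    "name=example scontext=user_u:system_r:example_t "
    "tcontext=system_u:object_r:example_t tclass=file",
]

if __name__ == "__main__":
    for (file_ctx, fs_ctx), exes in summarize(SAMPLE).items():
        print(f"{file_ctx} not allowed on {fs_ctx}: {sorted(exes)}")
```
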
Comment 4 Daniel Walsh 2004-10-12 15:26:39 EDT
selinux-policy-targeted-1.17.30-2.noarch.rpm

Has the fix.  It is on my people page
ftp://people.redhat.com/dwalsh/SELinux

Or wait for it tomorrow.
Comment 5 David Zeuthen 2004-10-12 15:44:50 EDT
I can confirm that this works for me. Thanks.
Comment 6 Jon Savage 2004-10-12 22:14:58 EDT
works for me as well (Thanks!!)
Comment 7 David Zeuthen 2004-10-14 18:35:58 EDT
Seems to work, closing this bug.
