Description of problem: I've just upgraded f24->f25 and I'm finding a lot of mount related things are broken (in order of discovery): a) A USB drive I'd set for automounting at login wasn't mounted b) /run/media/username doesn't exist c) udisksctl mount hangs Version-Release number of selected component (if applicable): storaged-2.6.2-2.fc25.x86_64 How reproducible: 100%???? Steps to Reproduce: 1. udisksctl mount -b /dev/disk/by-label/whatever Actual results: udisksctl doesn't return Expected results: A mounted disk Additional info: if storaged is supposed to be running it doesn't seem to be; systemctl list-unit-files | grep stora lists nothing systemctl | grep stora also lists nothing systemctl shows udisks.service as static and udisks2.service as disabled, so I think we're missing anything at all.
As for the failed mounts: Please check the audit log for SELinux AVC denials and eventually update selinux-policy. It has been fixed just recently (bug #1375156). Storaged in F25 has replaced udisks2 and for that reason it provides the udisks2 binaries and unit files too.
Tomas: It's still not happy with selinux-policy-3.13.1-215.fc25.noarch which looks to be one after the version listed in that selinux bz. I've got some AVC's for tumblerd trying to access block devices (I reported that spearately) Now I see udisksd (from storaged rpm) running, but doing a: udisksctl mount -b /dev/disk/by-path/pci-....usb....part1 just hangs (That's a USB disk). Similarly, doing a udisksctl unlock -b /dev/mapper/lvm-luks-disk asks for the passphrase and then my password (the later using a GUI box) and then hangs.
(In reply to rh from comment #2) > Tomas: It's still not happy with selinux-policy-3.13.1-215.fc25.noarch which > looks to be one after the version listed in that selinux bz. > > I've got some AVC's for tumblerd trying to access block devices (I reported > that spearately) > > Now I see udisksd (from storaged rpm) running, but doing a: > > udisksctl mount -b /dev/disk/by-path/pci-....usb....part1 > > just hangs (That's a USB disk). > > Similarly, doing a udisksctl unlock -b /dev/mapper/lvm-luks-disk > > asks for the passphrase and then my password (the later using a GUI box) and > then hangs. Thanks for the testing. Looks like we need to collect more AVCs.
(In reply to Tomas Smetana from comment #3) > Thanks for the testing. Looks like we need to collect more AVCs. Hmm, well: https://bugzilla.redhat.com/show_bug.cgi?id=1379137 has the avc's I'm getting for tumblerd. So, if we do: #grep -i AVC audit.log|grep -v tumbler|grep -i disk we get nothing. #grep -i AVC audit.log|grep -v tumbler|grep -i stora also gets nothing. The only other interesting messages are: type=USER_AVC msg=audit(1475233387.976:319): pid=962 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.PolicyKit1.Au thority member=Changed dest=org.freedesktop.DBus spid=1037 tpid=1712 scontext=system_u:system_r:policykit_t:s0 tconte xt=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475233470.462:214): pid=979 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.31 spid=1046 tpid=1714 s context=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-da emon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475233470.473:215): pid=979 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.PolicyKit1.Au thority member=Changed dest=org.freedesktop.DBus spid=1046 tpid=1714 scontext=system_u:system_r:policykit_t:s0 tconte xt=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475234163.071:254): pid=979 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.31 spid=1046 tpid=1714 s context=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-da emon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475234755.756:278): pid=979 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.PolicyKit1.Au thority member=Changed dest=org.freedesktop.DBus spid=1046 tpid=1714 scontext=system_u:system_r:policykit_t:s0 tconte xt=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475234755.756:279): pid=979 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.31 spid=1046 tpid=1714 s context=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-da emon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475320949.623:213): pid=982 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.30 spid=1029 tpid=1702 s context=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-da emon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1475320949.856:214): pid=982 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:sys tem_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=signal interface=org.freedesktop.PolicyKit1.Au thority member=Changed dest=org.freedesktop.DBus spid=1029 tpid=1702 scontext=system_u:system_r:policykit_t:s0 tconte xt=system_u:system_r:devicekit_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' I'll try the -216 selinux-policy.
selinux 216 fixes it, so probably a dupe of 1377113 *** This bug has been marked as a duplicate of bug 1377113 ***