Bug 179437 - mount -o remount,loop,context=... does not work
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: kernel
5
i386 Linux
medium Severity medium
Assigned To: Eric Paris
Brian Brock
Reported: 2006-01-31 07:41 EST by Matthew Hannigan
Modified: 2008-08-02 19:40 EDT
Last Closed: 2006-10-16 20:59:36 EDT
Description Matthew Hannigan 2006-01-31 07:41:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:

Using the remount option with selinux context setting doesn't work.
'mount' reports that the mountpoint has the context, but I still
get selinux 'deny's.

I was also using the 'loop' option, I have not yet tested whether
this affects things at all.

Using umount then mount does work.



Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. mount a (loop) file system, then use a targeted subsystem, e.g. apache, to
   access it and observe expected avc denies in /var/log/audit/audit.log
2. mount -o remount,loop,context=.... and observe the same avc denies again.

  

Actual Results:  avc denies in /var/log/audit/audit.log


Expected Results:  access should be permitted

Additional info:

Can work around with umount/mount -o loop,context=....
Comment 1 Karel Zak 2006-03-27 09:35:28 EST

*** This bug has been marked as a duplicate of 186915 ***
Comment 2 Karel Zak 2006-03-27 09:40:15 EST
Oops, I'm not sure if FC4 kernel really supports the "context" mount option. Can
anyone confirm it? The bug #186915 is against FC5. (Sorry for previous close as
duplicate.)
Comment 3 Paul Howarth 2006-03-27 09:43:23 EST
I've used "fscontext" (not "context") in FC4 and that worked for me.
However, the context was only applied in-kernel and not available to userland,
so an "ls -lZ" of the mounted fs didn't show the context, unlike in FC5.
Comment 4 Dave Jones 2006-09-16 21:52:53 EDT
[This comment added as part of a mass-update to all open FC4 kernel bugs]

FC4 has now transitioned to the Fedora legacy project, which will continue to
release security related updates for the kernel.  As this bug is not security
related, it is unlikely to be fixed in an update for FC4, and has been migrated
to FC5.

Please retest with Fedora Core 5.

Thank you.
Comment 5 Dave Jones 2006-10-16 13:53:11 EDT
A new kernel update has been released (Version: 2.6.18-1.2200.fc5)
based upon a new upstream kernel release.

Please retest against this new kernel, as a large number of patches
go into each upstream release, possibly including changes that
may address this problem.

This bug has been placed in NEEDINFO state.
Due to the large volume of inactive bugs in bugzilla, if this bug is
still in this state in two weeks time, it will be closed.

Should this bug still be relevant after this period, the reporter
can reopen the bug at any time. Any other users on the Cc: list
of this bug can request that the bug be reopened by adding a
comment to the bug.

In the last few updates, some users upgrading from FC4->FC5
have reported that installing a kernel update has left their
systems unbootable. If you have been affected by this problem
please check you only have one version of device-mapper & lvm2
installed.  See bug 207474 for further details.

If this bug is a problem preventing you from installing the
release this version is filed against, please see bug 169613.

If this bug has been fixed, but you are now experiencing a different
problem, please file a separate bug for the new problem.

Thank you.
Comment 6 Matthew Hannigan 2006-10-16 20:13:23 EDT
I can no longer test this because mount -o ...,remount, seems
to not like the context or fscontext options.

# mount | grep /mnt/l
/tmp/bug179437 on /mnt/l type ext3 (rw)
# mount  -o loop,remount,rw  /tmp/bug179437
# mount  -o loop,remount,rw,context=system_u:object_r:etc_t \
             /tmp/bug179437
mount: /mnt/l not mounted already, or bad option


In that sense it's fixed I guess, but it would be nice to 
have a more explicit message about which option was 'bad'
Comment 7 Dave Jones 2006-10-16 20:39:00 EDT
adding some SELinux folks to the CC. Maybe they know more than I do about
whether or not this is supposed to work or not.
Comment 8 James Morris 2006-10-16 20:52:01 EDT
remounting with context= does not work (you really don't want it to anyway, due
to revocation issues).
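
The symptom from the description (mount reports the context, yet AVC denials continue) can be checked mechanically. The following is an added example, not code from the report or from any commenter: it compares the context= value recorded in mtab with the tcontext the kernel logs in AVC denials for the same device. The sample mtab and audit lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample data (not taken from the bug report).
# Assumption: mtab records loop mounts as loop=/dev/loopN in the options field.
MTAB = ("/tmp/img /mnt/l ext3 "
        "rw,loop=/dev/loop0,context=system_u:object_r:httpd_sys_content_t 0 0\n")
AUDIT = (
    'type=AVC msg=audit(1138711289.101:45): avc:  denied  { read } for  pid=2345 '
    'comm="httpd" name="index.html" dev=loop0 ino=12 '
    'scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file\n'
    'type=AVC msg=audit(1138711290.202:46): avc:  denied  { getattr } for  pid=2345 '
    'comm="httpd" name="notes.txt" dev=hda1 ino=99 '
    'scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file\n'
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?\bdev=(?P<dev>\S+)"
                    r".*?\btcontext=(?P<tcontext>\S+)")


def claimed_contexts(mtab_text):
    """Map device name (e.g. 'loop0') to the context= value mount reports."""
    claims = {}
    for line in mtab_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # Assumption: no commas inside the context value (no MLS category lists).
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        if "context" in opts:
            dev = opts.get("loop") or fields[0]
            claims[dev.rsplit("/", 1)[-1]] = opts["context"].strip('"')
    return claims


def stale_label_denials(mtab_text, audit_text):
    """Return AVC denials whose target label differs from the mtab claim."""
    claims = claimed_contexts(mtab_text)
    findings = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        dev = m.group("dev").strip('"')
        claimed = claims.get(dev)
        # Compare user:role:type only, so an MLS suffix does not cause a mismatch.
        if claimed and m.group("tcontext").split(":")[:3] != claimed.split(":")[:3]:
            findings.append((dev, claimed, m.group("tcontext"), m.group("perms").split()))
    return findings
```

A non-empty result means the label mount displays was never applied by the kernel, which is the case where the umount/mount workaround from the description is needed.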
