Bug 179489 - mount option context= doesn't work
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Russell Coker
Reported: 2006-01-31 14:55 EST by Thorsten Scherf
Modified: 2007-11-30 17:07 EST
Fixed In Version: U3
Doc Type: Bug Fix
Last Closed: 2007-01-29 10:48:32 EST
Description Thorsten Scherf 2006-01-31 14:55:19 EST
Description of problem:
I would like to set a security context on a filesystem, using the context= mount option in /etc/fstab:

/dev/hda5 /data ext3 defaults,context=system_u:object_r:tmp_t (or whatever)

cd /data
touch test
touch: cannot touch `test': Permission denied

audit(1138734846.831:57): avc:  denied  { associate } for  pid=19169 comm="touch" name="test" scontext=root:object_r:tmp_t tcontext=system_u:object_r:tmp_t tclass=filesystem


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.110

How reproducible:
Always

Steps to Reproduce:
1. mount partition with context=
2. touch file

Actual Results:  see above

Expected Results:  a test file with a label system_u:object_r:tmp_t

Additional info:

It works with an updated FC4 system.
Comment 1 Russell Coker 2006-04-13 02:20:46 EDT
I believe this to be fixed in RHEL4U3 with policy version 1.17.30-2.126, both 
by code inspection and by testing the effect of the policy.

Please repeat the test with the RHEL4U3 policy and let me know how it goes.
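
As an added example (not part of the original report, and not Red Hat's policy or tooling), the following Python sketch parses the AVC message quoted in the bug description and flags "associate" denials on the filesystem class. For that check, scontext is the label of the file being created and tcontext is the label of the filesystem it is created on. All function names are hypothetical.

```python
import re

# Sample input: the denial quoted in the bug description, embedded so this runs offline.
SAMPLE = ('audit(1138734846.831:57): avc:  denied  { associate } for  pid=19169 '
          'comm="touch" name="test" scontext=root:object_r:tmp_t '
          'tcontext=system_u:object_r:tmp_t tclass=filesystem')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields from one AVC message, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'result': m.group('result'), 'perms': m.group('perms').split()}
    for key, val in KV_RE.findall(m.group('rest')):
        rec[key] = val.strip('"')
    return rec

def type_of(context):
    """Type is the third field of user:role:type[:level]."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def is_fs_associate_denial(rec):
    """True when a file label was refused association with a filesystem label."""
    return (rec is not None and rec['result'] == 'denied'
            and rec.get('tclass') == 'filesystem'
            and 'associate' in rec['perms'])

def describe(rec):
    """One-line triage summary for a filesystem associate denial, else None."""
    if not is_fs_associate_denial(rec):
        return None
    return ('file type %s may not associate with filesystem type %s '
            '(comm=%s name=%s)' % (type_of(rec['scontext']),
                                   type_of(rec['tcontext']),
                                   rec.get('comm'), rec.get('name')))

if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
```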
