Bug 184315 - hfsplus partitions cant be mounted with selinux enabled
hfsplus partitions cant be mounted with selinux enabled
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-03-07 17:51 EST by Dennis Gilmore
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-30 08:49:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dennis Gilmore 2006-03-07 17:51:47 EST
Description of problem: 
Trying to mount a hfsplus partition with selinux  in enabled mode  fails 
 
dmesg shows  
hfs: write access to a jounaled filesystem is not supported, use the force 
option at your own risk, mounting read-only. 
SELinux: initialized (dev sdf3, type hfsplus), not configured for labelinghfs: 
write access to a jounaled filesystem is not supported, use the force option 
at your own risk, mounting read-only. 
SELinux: initialized (dev sdf3, type hfsplus), not configured for labeling 
 
 
that is from trying to mount my ipod on a x86_64 machine.  i also got this on 
my powerbook trying to mount the mac partition  to extract wireless firmware. 
 
we should handle the situation  as im sure apple will not add selinux support 
to there filessytem 
 
Version-Release number of selected component (if applicable): 
 
 
How reproducible: 
always 
 
Steps to Reproduce: 
1. mount hfsplus partition 
2. 
3. 
   
Actual results: 
not mounted 
 
Expected results: 
mounted 
 
Additional info:
Comment 1 Paul Nasrat 2006-03-07 18:32:47 EST
Same applies for hfs attempt to mount hfs then hfsplus partitions:

type=AVC msg=audit(1141774478.209:206): avc:  denied  { mount } for  pid=13971
comm="mount" name="/" dev=sda2 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774478.209:206): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=13971
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774478.209:206):  cwd="/root"
type=PATH msg=audit(1141774478.209:206): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774478.209:206): item=1 flags=1  inode=861 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:02
type=AVC msg=audit(1141774621.173:214): avc:  denied  { mount } for  pid=14004
comm="mount" name="/" dev=sda4 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774621.173:214): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=14004
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774621.173:214):  cwd="/root"
type=PATH msg=audit(1141774621.173:214): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774621.173:214): item=1 flags=1  inode=849 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:04
Comment 2 Daniel Walsh 2006-03-08 11:51:30 EST
I set up a mapping between hfsplus and nfs_t so that it can be used.  I am not
sure how we should label it but this should get it working.

selinux-policy-2.2.23-7
Comment 3 Dennis Gilmore 2006-03-09 14:18:42 EST
works with selinux-policy-2.2.23-11  that was released to rawhide this morning  
Comment 4 Dennis Gilmore 2006-06-28 23:11:54 EDT
should this now be closed?

Note You need to log in before you can comment on or make changes to this bug.