Bug 184315 - hfsplus partitions cant be mounted with selinux enabled
Summary: hfsplus partitions cant be mounted with selinux enabled
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-03-07 22:51 UTC by Dennis Gilmore
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-06-30 12:49:29 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Dennis Gilmore 2006-03-07 22:51:47 UTC 
Description of problem: 
Trying to mount a hfsplus partition with selinux  in enabled mode  fails 
 
dmesg shows  
hfs: write access to a jounaled filesystem is not supported, use the force 
option at your own risk, mounting read-only. 
SELinux: initialized (dev sdf3, type hfsplus), not configured for labelinghfs: 
write access to a jounaled filesystem is not supported, use the force option 
at your own risk, mounting read-only. 
SELinux: initialized (dev sdf3, type hfsplus), not configured for labeling 
 
 
that is from trying to mount my ipod on a x86_64 machine.  i also got this on 
my powerbook trying to mount the mac partition  to extract wireless firmware. 
 
we should handle the situation  as im sure apple will not add selinux support 
to there filessytem 
 
Version-Release number of selected component (if applicable): 
 
 
How reproducible: 
always 
 
Steps to Reproduce: 
1. mount hfsplus partition 
2. 
3. 
   
Actual results: 
not mounted 
 
Expected results: 
mounted 
 
Additional info:
Comment 1 Paul Nasrat 2006-03-07 23:32:47 UTC 
Same applies for hfs attempt to mount hfs then hfsplus partitions:

type=AVC msg=audit(1141774478.209:206): avc:  denied  { mount } for  pid=13971
comm="mount" name="/" dev=sda2 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774478.209:206): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=13971
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774478.209:206):  cwd="/root"
type=PATH msg=audit(1141774478.209:206): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774478.209:206): item=1 flags=1  inode=861 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:02
type=AVC msg=audit(1141774621.173:214): avc:  denied  { mount } for  pid=14004
comm="mount" name="/" dev=sda4 ino=2
scontext=root:system_r:mount_t:s0-s0:c0.c255
tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=SYSCALL msg=audit(1141774621.173:214): arch=14 syscall=21 success=yes
exit=-13 a0=10039b78 a1=10039b88 a2=10039b98 a3=c0ed0001 items=2 pid=14004
auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="mount"
exe="/bin/mount"
type=CWD msg=audit(1141774621.173:214):  cwd="/root"
type=PATH msg=audit(1141774621.173:214): item=0 name="/mnt/" flags=1 
inode=94142465 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141774621.173:214): item=1 flags=1  inode=849 dev=00:10
mode=060640 ouid=0 ogid=6 rdev=08:04
Comment 2 Daniel Walsh 2006-03-08 16:51:30 UTC 
I set up a mapping between hfsplus and nfs_t so that it can be used.  I am not
sure how we should label it but this should get it working.

selinux-policy-2.2.23-7
Comment 3 Dennis Gilmore 2006-03-09 19:18:42 UTC 
works with selinux-policy-2.2.23-11  that was released to rawhide this morning
Comment 4 Dennis Gilmore 2006-06-29 03:11:54 UTC 
should this now be closed?
Note You need to log in before you can comment on or make changes to this bug.