Description of problem:
'mount' command requires selinux rules to mount an iso. I'm surprised that such a normal command would require me to set up a rule...

Version-Release number of selected component (if applicable):
util-linux-2.13-0.16

How reproducible:
100%

Steps to Reproduce:
1. mount -oloop boot.iso mntdir

Actual results:
The following is displayed on the screen.
audit(1141818037.016:6): avc: denied { read write } for pid=14280 comm="mount" name="boot.img" dev=dm-0 ino=2719747 scontext=root:system_r:mount_t:s0-s0:c0.c255 tcontext=root:object_r:home_root_t:s0 tclass=file
boot.img: Permission denied

Expected results:
The command should succeed.

Additional info:
I'm not sure if this is an selinux issue or a util-linux issue.
Created attachment 125980 [details]
/var/log/messages audit denieds for iso and disk mounts

Repeatable on my machine - except that the mount works and is accessible if done manually after boot, but not when in /etc/fstab
- just realized these first parts are with se=permissive

======= se=permissive
# rpm -qa|grep -E 'kernel|util-linux|mount'|sort
gnome-mount-0.4-5
kernel-2.6.15-1.2032_FC5
kernel-2.6.15-1.2039_FC5
util-linux-2.13-0.17
xorg-x11-drv-penmount-1.0.0.5-1.2

# ls -l /home/install/software/linux/fedora/core/5
total 3220748
drwxr-xr-x 2 davidt davidt 4096 Feb 11 22:32 disc
-rw-r--r-- 1 davidt davidt 3215806464 Feb 22 21:57 FC-5-Test3-i386-DVD.iso
-rw-r--r-- 1 davidt davidt 78987264 Feb 22 21:57 FC-5-Test3-i386-rescuecd.iso

# mount -o loop /home/install/software/linux/fedora/core/5/FC-5-Test3-i386-DVD.iso /home/install/software/linux/fedora/core/5/disc
/\ succeeds, and the iso is mounted and accessible through nautilus, but

# tail -f /var/log/messages
...
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.122:35): avc: denied { read write } for pid=3158 comm="mount" name="FC-5-Test3-i386-DVD.iso" dev=dm-1 ino=12615715 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.126:36): avc: denied { mounton } for pid=3158 comm="mount" name="disc" dev=dm-1 ino=12615685 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Mar 11 13:53:13 davidtdesktop kernel: SELinux: initialized (dev loop0, type iso9660), uses genfs_contexts
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.126:37): avc: denied { search } for pid=2025 comm="hald" name="software" dev=dm-1 ino=8716410 scontext=system_u:system_r:hald_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
...
Mar 11 14:03:25 davidtdesktop kernel: audit(1142046205.207:39): avc: denied { getattr } for pid=3368 comm="mount" name="FC-5-Test3-i386-DVD.iso" dev=dm-1 ino=12615715 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Mar 11 14:03:25 davidtdesktop kernel: SELinux: initialized (dev loop0, type iso9660), uses genfs_contexts

======= se=enforcing
I notice a lot of boot denied messages as my 8 drives on another disk are not mounted. I don't know now when I last had selinux enforcing ;~)

# mount /home/install/software/linux/fedora/core/5/FC-5-Test3-i386-DVD.iso
/home/install/software/linux/fedora/core/5/FC-5-Test3-i386-DVD.iso: Permission denied

# mount /dev/hdd8 8
mount: block device /dev/hdd8 is write-protected, mounting read-only
mount: cannot mount block device /dev/hdd8 read-only

[root@davidthome old]# mount /dev/hdd5 5
mount: block device /dev/hdd5 is write-protected, mounting read-only
mount: cannot mount block device /dev/hdd5 read-only
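
For triaging denials like the ones quoted in this report, the following added example (not part of the original bug report, and not code from any SELinux tool) parses kernel AVC records and merges them by source type, target type and object class, so repeated denials collapse into one line per access pattern. The function names are this example's own; the sample lines are copied from the comments above.

```python
import re
from collections import defaultdict

# AVC denial records copied from the report above, plus one non-AVC kernel line.
SAMPLE = """\
audit(1141818037.016:6): avc: denied { read write } for pid=14280 comm="mount" name="boot.img" dev=dm-0 ino=2719747 scontext=root:system_r:mount_t:s0-s0:c0.c255 tcontext=root:object_r:home_root_t:s0 tclass=file
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.122:35): avc: denied { read write } for pid=3158 comm="mount" name="FC-5-Test3-i386-DVD.iso" dev=dm-1 ino=12615715 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.126:36): avc: denied { mounton } for pid=3158 comm="mount" name="disc" dev=dm-1 ino=12615685 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Mar 11 13:53:13 davidtdesktop kernel: audit(1142045593.126:37): avc: denied { search } for pid=2025 comm="hald" name="software" dev=dm-1 ino=8716410 scontext=system_u:system_r:hald_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=dir
Mar 11 14:03:25 davidtdesktop kernel: audit(1142046205.207:39): avc: denied { getattr } for pid=3368 comm="mount" name="FC-5-Test3-i386-DVD.iso" dev=dm-1 ino=12615715 scontext=user_u:system_r:mount_t:s0-s0:c0.c255 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Mar 11 14:03:25 davidtdesktop kernel: SELinux: initialized (dev loop0, type iso9660), uses genfs_contexts
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of a user:role:type[:mls] security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def parse_avc(line):
    """Parse one kernel AVC denial; return None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= set(f):
        return None  # truncated record: skip rather than guess
    return {"perms": m.group("perms").split(), "comm": f.get("comm"),
            "source": context_type(f["scontext"]),
            "target": context_type(f["tcontext"]), "tclass": f["tclass"]}

def summarize(text):
    """Merge denials into {(source, target, class): sorted permissions}."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            grouped[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return {k: sorted(v) for k, v in grouped.items()}

def as_rules(summary):
    """Render each group in allow-rule syntax, for policy review only."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};" for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

The grouped output makes it visible that the mount_t denials target files and directories labelled with home types, which is the access pattern to raise with the policy maintainers.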
Created attachment 125981 [details] /etc/fstab for attempted boot mounts
Created attachment 125982 [details]
# mount result

Some drives (perhaps ones that were present during installation - and manually selected in anaconda / partition selection) still mount OK, but items manually added to /etc/fstab are no longer being allowed to boot.
no longer being allowed to boot. doh! I meant mount.
*** This bug has been marked as a duplicate of 184067 ***