Description of problem: I'm using encfs which I have mounted as "sudo encfs --public ~user/dir-enc ~user/dir" (see bug 189139 for why this has to be done as root). I can copy files into ~user/dir (cp ~user/foo ~user/dir), but when I try something like "mv ~user/foo ~user/dir" I get a permissin denied. Selinux has given me a avc denied message: type=AVC msg=audit(1145291675.646:2094): avc: denied { associate } for pid=24518 comm="mv" name="fuse.te" scontext=user_u:object_r:file_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem audit2allow tells me I need to create a policy like this: require { class filesystem associate; type file_t; type unlabeled_t; }; allow file_t unlabeled_t:filesystem associate; Version-Release number of selected component (if applicable): fuse-2.5.2-4.fc5 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: file moves into fuse filesystems should be allowed by selinux policy Additional info:
*** Bug 208278 has been marked as a duplicate of this bug. ***
Please test with new version (2.6.5-2) whether this bug still exists.
This seems to happen still with selinux-policy-3.0.6-3.fc8. $ sshfs ... fuse $ cd fuse $ touch foo $ mv foo ~ mv: cannot create regular file `/home/adam/foo': Permission denied
Created attachment 173001 [details] selinux alert report
Fixed in selinux-policy-3.0.7-1.fc8.
Adding FutureFeature keyword to RFE's.