Bug 208604 - security error trying to mount USB flash memory key
security error trying to mount USB flash memory key
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-09-29 12:37 EDT by Garrett Mitchener
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.3.17-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-10-03 10:46:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Garrett Mitchener 2006-09-29 12:37:12 EDT
Description of problem:

I installed updates today of various packages, including
selinux-policy-targeted.noarch 2.3.16-6.  Now when I log in to gnome and plug in
a USB memory key, I get an error in a dialog box:

Cannot mount volume.
Error org.freedesktop.DBus.Error.AccessDenied.

A security policy in place prevents this sender from sending this message to
this recipient, see message bus configuration file (rejected message had
interface "org.freedesktop.Hal.Device.Volume" member "Mount" error name
"(unset)" destination "org.freedesktop.Hal")

I assume this is a glitch in the new targeted policy package.

Steps to Reproduce:
1. log in to gnome
2. put in a usb key
Actual results:

error message

Expected results:

The key should be mounted.

Additional info:

I didn't have any problem using this USB key on this machine until after I ran
'yum update' this morning and rebooted.
Comment 1 Daniel Walsh 2006-09-29 13:19:23 EDT
any avc messages in /var/log/messages or /var/log/audit/audit.log?
Comment 2 Garrett Mitchener 2006-09-29 17:45:28 EDT
None that I can find.  I restarted my machine after replacing SELINUX=enforcing
with SELINUX=permissive in /etc/selinux/config and the usb key works fine.
Comment 3 Garrett Mitchener 2006-09-29 17:49:19 EDT
I just realized, there isn't even a /var/log/audit directory on this computer. 
Is there some setting I have to put in somewhere to get it to keep a log?
Comment 4 Daniel Walsh 2006-10-02 13:32:36 EDT
You can install the audit package and that directory will be created.  But using
dmesg or looking in /var/log/messages, you do not see avc messages?
Comment 5 Garrett Mitchener 2006-10-02 17:14:45 EDT
Hmm.  I installed audit and reset /etc/selinux/config to enforcing, and
rebooted, and now my USB key works.  This is after running yum update this
afternoon, so maybe one of these new packages fixed it.  I'll just list the ones
that seem relevant:

selinux-policy-targeted.noarch 2.3.17-1
dbus-devel.i386 & x86_64 0.93-3.fc6
Comment 6 Daniel Walsh 2006-10-03 10:46:23 EDT
So I will close this bug, reopen if it comes back.  You might want to try out
the  setroubleshoot package also.

Note You need to log in before you can comment on or make changes to this bug.