    # mount -o loop,context=root:object_r:root_t:s0:c1,c4 foo /mnt
    mount: wrong fs type, bad option, bad superblock on /dev/loop0,
           missing codepage or other error
           In some cases useful info is found in syslog - try
           dmesg | tail or so
See discussion here for more details: https://www.redhat.com/archives/redhat-lspp/2006-October/msg00208.html
The patches are waiting in my INBOX, but it's a surprise for me that we expect this change in RHEL5 GA. My plan was to add this feature to rawhide (fc7). The patch to nfsmount.c is useless -- in RHEL5 we use separate mount.nfs (from the nfs-utils package) instead of the old NFS from util-linux. It means you have to open a new IT/BZ request for nfs-utils too. (Please, assign to me -- I'll fix it in both packages.)
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
QE ack for RHEL5.
Fixed in util-linux-2.13-0.43.1.el5, but without a change in the kernel (see bug #211857) it is not possible to use selinux mount options at all.
A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.
Problem persists with lspp (2.6.18-1.2913.4.2.el5.lspp.59) kernel:
    [root@rhel5lspp ~]# mount -v -o context="root:object_r:root_t:s0:c1,c4" /dev/cdrom /mnt/cdrom/
    mount: translated context 'root:object_r:root_t:s0:c1' to 'root:object_r:root_t:s0:c1'
    mount: you didn't specify a filesystem type for /dev/cdrom
           I will try type iso9660
    mount: block device /dev/cdrom is write-protected, mounting read-only
    mount: translated context 'root:object_r:root_t:s0:c1' to 'root:object_r:root_t:s0:c1'
    mount: wrong fs type, bad option, bad superblock on /dev/cdrom,
           missing codepage or other error
           In some cases useful info is found in syslog - try
           dmesg | tail or so
(the same message above happens with/without quoting the context string)
    [root@rhel5lspp ~]# rpm -q util-linux
    util-linux-2.13-0.43.3.el5
Please reopen the bug.
The userspace quotation checking must be flawed since it is dropping the ,c4
Are there any messages in syslog or the audit log which may be related? I would have expected it to mount (although incorrectly) even with the ,c4 dropped...
(In reply to comment #11)
> the userspace quotation checking must be flawed since it is dropping the ,c4
>
> are there any messages in syslog or the audit log which may be related? I would
> have expected it to mount (although incorrectly) even with the ,c4 dropped...
None! No messages are inserted in dmesg or /var/log/messages or even auditd.log.
But I must disagree with you: I would expect that the above command fails: Since the userspace is dropping the ',c4' out of the complete context string, mount is still probably trying to use it as one of the mount options (-o thing,thing,c4), which is invalid, and then fails.
(In reply to comment #10)
> [root@rhel5lspp ~]# mount -v -o context="root:object_r:root_t:s0:c1,c4"
Please, be careful with quotes on shell command line ;-) You have to use:
    mount -v -o context=\"root:object_r:root_t:s0:c1,c4\"
It works as expected:
    # mount -v -o context=\"root:object_r:root_t:s0:c1,c4\",ro -t ext3 /dev/loop0 /mnt/test
    mount: translated context 'root:object_r:root_t:s0:c1,c4' to 'root:object_r:root_t:s0:c1,c4'
    /dev/loop0 on /mnt/test type ext3 (ro,context="root:object_r:root_t:s0:c1,c4")
    # mount | grep test
    /dev/loop0 on /mnt/test type ext3 (ro,context="root:object_r:root_t:s0:c1,c4")
    # uname -r
    2.6.18-1.2961.el5
    # rpm -q util-linux
    util-linux-2.13-0.43.3.el5
(In reply to comment #13)
> (In reply to comment #10)
>
> > [root@rhel5lspp ~]# mount -v -o context="root:object_r:root_t:s0:c1,c4"
>
> Please, be careful with quotes on shell command line ;-) You have to use:
I'm ashamed! Wasn't aware that mount needed the quotes itself. It's working as expected. Please close the bug - thank you.
For the record: It appears that single-quotes aren't good enough (even escaped). We _need_ to use double-quotes?
Yes, it's the mount command that needs to extract selinux stuff from the option string, and quotes work as a separator between normal and selinux options. Don't forget that "," is the generic separator for all mount options and not all options start with <name>= (for example ro -- read-only):
    context=root:object_r:root_t:s0:c1,c4,ro
where context=root:object_r:root_t:s0:c1,c4 is selinux and ro is a normal option. So, the right format is:
    context="root:object_r:root_t:s0:c1,c4",ro
(plus escape for your shell)
I don't remember who selected double-quotes instead of single-quotes. IMHO it is not so important. Your shell is sensitive to both.
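
The separator rule described in the comment above, as an added example that is not util-linux code and not written by any commenter: a hypothetical `split_mount_opts` helper splits an option string on commas outside double quotes. The two inputs are constructed to match what mount receives without and with the escaped quotes.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OPTS 16

/* Hypothetical helper, not util-linux code: split a mount -o string on
 * commas that lie outside double quotes. Modifies s in place.
 * Returns the option count, or -1 on an unbalanced quote or overflow. */
int split_mount_opts(char *s, char *out[], int max)
{
    int n = 0, in_quote = 0;
    char *start = s;

    for (char *p = s; ; p++) {
        int end = (*p == '\0');

        if (*p == '"')
            in_quote = !in_quote;
        if (end && in_quote)
            return -1;                  /* opening quote never closed */
        if (end || (*p == ',' && !in_quote)) {
            if (p > start) {            /* ignore empty fields */
                if (n == max)
                    return -1;
                out[n++] = start;
            }
            if (end)
                return n;
            *p = '\0';
            start = p + 1;
        }
    }
}

int main(void)
{
    /* Constructed inputs: the strings mount sees after the shell has
     * consumed unescaped quotes (first) or passed escaped ones (second). */
    char unquoted[] = "context=root:object_r:root_t:s0:c1,c4,ro";
    char quoted[] = "context=\"root:object_r:root_t:s0:c1,c4\",ro";
    char *inputs[] = { unquoted, quoted };

    for (int i = 0; i < 2; i++) {
        char *opts[MAX_OPTS];
        int n = split_mount_opts(inputs[i], opts, MAX_OPTS);

        printf("%d options\n", n);
        for (int j = 0; j < n; j++)
            printf("  [%s]\n", opts[j]);
    }
    return 0;
}
```

Without the quotes the category `c4` comes out as a separate, meaningless mount option and the context is cut at `c1`; with them the whole MLS range stays in one field.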
Found a regression while performing the same testcase:
    [root@alex ~]# mount -vo loop,context=\"root:object_r:root_t:s0:c1,c4\",ro disk.img mountp/
    mount: translated context 'root:object_r:root_t:s0:c1,c4' to 'root:object_r:root_t:s0:c1'
    mount: going to use the loop device /dev/loop0
    mount: you didn't specify a filesystem type for /dev/loop0
           I will try type ext3
    /root/disk.img on /root/mountp type ext3 (ro,loop=/dev/loop0,context="root:object_r:root_t:s0:c1")
    [root@alex ~]# ls -ldZ mountp/
    drwxr-xr-x root root root:object_r:root_t:s0:c1 mountp/
    [root@alex ~]# mount | grep mountp
    /root/disk.img on /root/mountp type ext3 (ro,loop=/dev/loop0,context="root:object_r:root_t:s0:c1")
    [root@alex ~]#
please re-open the bug
(In reply to comment #19)
> Found a regression while performing the same testcase:
?
> mount: translated context 'root:object_r:root_t:s0:c1,c4' to
> 'root:object_r:root_t:s0:c1'
Do you mean that root:object_r:root_t:s0:c1,c4 has been translated to root:object_r:root_t:s0:c1 (the raw context is without 'c4')?
Dwalsh, is it normal?
Fixed in libselinux-1.33.4-3.el5.i386.rpm
Actually this turns out to be a mcstrans problem. Fixed in mcstrans-0.2.2-1
Confirmed fix in ppc64. package list:
    [root@zaphod ~]# rpm -qa | egrep 'policy|libselinux|mcstrans'
    checkpolicy-1.33.1-2.el5
    mcstrans-0.2.2-1.el5
    libselinux-python-1.33.4-4.el5
    selinux-policy-devel-2.4.6-37.el5
    libselinux-devel-1.33.4-4.el5
    libselinux-1.33.4-4.el5
    policycoreutils-1.33.12-4.el5
    selinux-policy-mls-2.4.6-37.el5
    selinux-policy-2.4.6-37.el5
    selinux-policy-targeted-2.4.6-37.el5
    libselinux-1.33.4-4.el5
    policycoreutils-newrole-1.33.12-4.el5
    [root@zaphod ~]#
Awaiting official release to close bug
Klaus, is this bug fixed in util-linux-2.13-0.44? Can this be closed?
(In reply to comment #25)
> Klaus, is this bug fixed in util-linux-2.13-0.44? Can this be closed?
Steve, everything seems fine:
    [root/sysadm_r/SystemLow@bracer2 ~]# chcon -t mount_tmp_t boot.iso
    [root/sysadm_r/SystemLow@bracer2 ~]# mount -vo loop,context=\"root:object_r:root_t:s0:c1,c4\",ro boot.iso /media/cdrom/
    mount: translated context 'root:object_r:root_t:s0:c1,c4' to 'root:object_r:root_t:s0:c1,c4'
    mount: going to use the loop device /dev/loop0
    mount: you didn't specify a filesystem type for /dev/loop0
           I will try type iso9660
    /root/boot.iso on /media/cdrom type iso9660 (ro,loop=/dev/loop0,context="root:object_r:root_t:s0:c1,c4")
    [root/sysadm_r/SystemLow@bracer2 ~]# mount
    /dev/mapper/VolGroup00-LvRoot on / type ext3 (rw,user_xattr,acl)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/sda1 on /boot type ext3 (rw,user_xattr,acl)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/mapper/VolGroup00-LvHome on /home type ext3 (rw,user_xattr,acl)
    /dev/mapper/VolGroup00-LvLogs on /var/log type ext3 (rw,user_xattr,acl)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    /root/boot.iso on /media/cdrom type iso9660 (ro,loop=/dev/loop0,context="root:object_r:root_t:s0:c1,c4")
    [root/sysadm_r/SystemLow@bracer2 ~]# ls -lZ /media/
    drwxr-sr-x root root root:object_r:root_t:s0:c1,c4 cdrom
    [root/sysadm_r/SystemLow@bracer2 ~]#
relevant packages:
    [root/sysadm_r/SystemLow@bracer2 ~]# rpm -qa | egrep 'libselinux|util-linux|kernel|mcstrans'
    mcstrans-0.2.3-1.el5
    libselinux-python-1.33.4-4.el5
    kernel-headers-2.6.18-8.el5
    kernel-2.6.18-8.el5
    kernel-devel-2.6.18-8.el5
    kernel-devel-2.6.18-8.el5.lspp.67
    libselinux-1.33.4-4.el5
    libselinux-1.33.4-4.el5
    libselinux-devel-1.33.4-4.el5
    util-linux-2.13-0.44.el5
    kernel-2.6.18-8.el5.lspp.67
Since we already got problems with the context size, maybe it would be a good idea to test mount against a context with a large number of categories. I'll check if we have such testcase here.
Closing this as it's believed to be fixed.