Red Hat Bugzilla – Bug 216819
ntfs-3g won't mount filesystem during startup
Last modified: 2009-06-27 11:45:25 EDT
Description of problem: After installation of ntfs-3g and adding drives to the /etc/fstab, ntfs-3g allows me to mount my drive from the commandline by issuing the 'mount' command. However, during system startup, the mount reports SELinux audit failures during startup. If the ntfs-3g filesystem is mounted ruing shutdown, SELinux audit errors are also reported there. I was able to build an audit policy file that I used as the input to audit2allow that resolved these issues. If these look reasonable, it would be nice if the install script for the RPM would automatically compile and install these policies. I have attached the file for your review. Version-Release number of selected component (if applicable): Fedora: Core 6 Kernel: 2.6.18.1-2849 ntfs-3g: 0.0.5.20070920.fc6 How reproducible: Very Steps to Reproduce: 1) Install the ntfs-3g package 2) Edit /etc/fstab to include an NTFS mount 3) Reboot system Actual results: System startup does not mount NTFS drives and shutdown reports errors during NTFS drive 'umount'. Expected results: NTFS drive should mount and unmount without errors during startup and shutdown. Additional info: I have attached the audit policy file that I used with 'audit2allow'
Created attachment 141868 [details] "audit2allow -M local" input file
This should be fixed for RHEL5 and FC6 by selinux-policy-2.4.6-23. Could you please confirm? Thank you.
No change with selinux-policy-2.4.6-23.fc6 so far.
I am now running the following configuration: kernel: 2.6.20-1.2933.fc6 fuse: 2.6.3-2.fc6 fuse-libs: 2.6.3-2.fc6 ntfs-3g: 2:1.0-1.fc6 I am now receiving errors on startup shutdown when a windows NTFS partition is auto mounted from /etc/fstab. All errors seem to be audit errors with SELinux for both fuse and ntfsl-3g.
selinux-policy-2.4.6-49.fc6 seems to fix it.
Still seems to be a problem even with selinux-policy-2.4.6-49-fc6 installed. Here are the errors that I am receiving: Apr 4 21:43:56 holmes kernel: audit(1175741024.399:4): avc: denied { getattr } for pid=2041 comm="mount.ntfs-3g" name="modprobe" dev=sda7 ino=39960724 scontext=system_u:system_r:mount_t:s0 context=system_u:object_r:insmod_exec_t:s0 tclass=file Apr 4 21:43:56 holmes kernel: audit(1175741024.399:5): avc: denied { execute } for pid=2043 comm="mount.ntfs-3g" name="bash" dev=sda7 ino=10076172 scontext=system_u:system_r:mount_t:s0 context=system_u:object_r:shell_exec_t:s0 tclass=file Apr 4 21:43:56 holmes kernel: fuse init (API version 7.8) Apr 4 21:43:56 holmes kernel: SELinux: initialized (dev sda2, type fuseblk), not configured for labeling Apr 4 21:43:56 holmes kernel: audit(1175741025.619:6): avc: denied { mount } for pid=2044 comm="fusermount" name="/" dev=sda2 ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
Sorry, misspoke. :( I was running selinux-policy-2.4.6-46-fc6 instead of selinux-policy-2.4.6-49-fc6. Once I installed 49, it appears to mount on startup and unmount on shutdown. Thanks for the work.
So could anyone please close this bug report?