Hi, Dan: Fedora has a capability to switch between ub and sd in runtime, so please consider if a workaround for this would be feasible. Since sd is the primary driver and ub is a workaround, this is a low priority, but would be very nice to have. -- Pete +++ This bug was initially created as a clone of Bug #230322 +++ Version-Release number of selected component (if applicable): 2.6.19-1.2911.fc6 #1 SMP -- Additional comment from zaitcev on 2007-02-28 13:00 EST -- BTW, what does happen if you boot with libusual.bias="ub" in grub.conf? -- Additional comment from jonathan.underwood on 2007-03-01 06:07 EST -- Hi Pete, thanks for your response. Adding libusual.bias="ub" fixes the problem, once I had disabled SElinux. I'm not sure that the problem is specific to the usb-storeage layer though, as I am also seeing soft lockups when vmware tries to create its virtual ethernet interfaces. These also disappear with libusual.bias="ub" [Just to put your mind at rest though - the problem originally reported in this bug is present with an untainted kernel (i.e. without the vmware module loaded).] As an aside, if there are any plans to enable libusual.bias="ub" out of the box, then I guess the SElinux issue will need fixing up. The SElinux messages displayed are: audit(1172746861.823:7): avc: denied { read } for pid=5340 comm="hald-probe-volu" name="uba1" dev=tmpfs ino=20335 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file audit(1172746861.824:8): avc: denied { ioctl } for pid=5340 comm="hald-probe-volu" name="uba1" dev=tmpfs ino=20335 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file SELinux: initialized (dev uba1, type vfat), uses genfs_contexts audit(1172746862.109:9): avc: denied { getattr } for pid=4470 comm="hald" name="uba1" dev=tmpfs ino=20335 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file -- Additional comment from zaitcev on 2007-03-01 16:15 EST -- Thanks for the testing, Jonathan. I'll clone this bug for Dan Walsh regarding the SElinux issue.
The problem here is the devices are labeled incorrectly. They are labeled as device_t. uba1 should probably be labeled usb_device_t?
If you execute this command does everything work? semanage fcontext -a -t removable_device_t -f '-b' '/dev/ub[a-z][0-9]+' you might have to run restorecon -v /dev/ub* Current policy only matches dev/ub[a-z]
Adding Jon to cc:, to try the test (see comment #2).
I tried re-enabling SElinux and running those two commands, but it didn't work, I still see this in dmesg: audit(1172836335.532:20): avc: denied { read } for pid=16589 comm="hald-probe-volu" name="uba1" dev=tmpfs ino=834181 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file and the drive isn't mounted.
I believe you need to reboot or restart udev. since udev is not rereading the file_context file.
Thanks Daniel - I rebooted having run those two commands. On reboot I added libusual.bias="ub" to the kernel options line, and sure enough plugging in a usb key causes it to be mounted and the contents displayed, with no SElinux grumbling at all.
Fixed in selinux-policy-2.4.6-42
Fixed in current release