Description of problem: Making a bootable usb drive with grub-install is stopped with current targeted policy. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.6.1-1.fc7 How reproducible: always Steps to Reproduce: 1. plug in a usb drive, say /dev/sdc, that gets mounted to /media/disk 2. grub-install --root-directory=/media/disk /dev/sdc Actual results: avc: denied { write } for comm="grub" dev=dm-0 egid=0 euid=0 exe="/sbin/grub" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="grub-install.log.R22033" path="/tmp/grub-install.log.R22033" pid=22036 scontext=user_u:system_r:bootloader_t:s0 sgid=0 subj=user_u:system_r:bootloader_t:s0 suid=0 tclass=file tcontext=user_u:object_r:tmp_t:s0 tty=pts1 uid=0 avc: denied { search } for comm="grub" dev=dm-0 egid=0 euid=0 exe="/sbin/grub" exit=-2 fsgid=0 fsuid=0 gid=0 items=0 name="media" pid=22082 scontext=user_u:system_r:bootloader_t:s0 sgid=0 subj=user_u:system_r:bootloader_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:mnt_t:s0 tty=pts1 uid=0 Expected results: grub-install to succeed. Additional info:
Remove transition from unconfined_t to bootloader_t. Fixed in selinux-policy-2.6.3-1.fc7
Should be fixed in the current release