From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.3) Gecko/20070417 Fedora/2.0.0.3-4.fc7 Firefox/2.0.0.3 Description of problem: Can't write reliably to fs mounted via ntfs-3g on up-to-date Rawhide machine. Output from setroubleshoot: Summary SELinux is preventing /sbin/mount.ntfs-3g (mount_ntfs_t) "write" to pipe:[68137] (hald_t). Detailed Description SELinux denied access requested by /sbin/mount.ntfs-3g. It is not expected that this access is required by /sbin/mount.ntfs-3g and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:mount_ntfs_t Target Context system_u:system_r:hald_t Target Objects pipe:[68137] [ fifo_file ] Affected RPM Packages ntfs-3g-1.417-1.fc7 [application] Policy RPM selinux-policy-2.6.1-1.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name naboo Platform Linux naboo 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26 10:36:44 EDT 2007 i686 i686 Alert Count 1 First Seen Sun 06 May 2007 14:30:29 BST Last Seen Sun 06 May 2007 14:30:29 BST Local ID 695e3ab1-5d27-4b1e-b881-cfc9a029ff84 Line Numbers Raw Audit Messages avc: denied { write } for comm="mount.ntfs-3g" dev=pipefs egid=0 euid=0 exe="/sbin/mount.ntfs-3g" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="[68138]" path="pipe:[68137]" pid=3023 scontext=system_u:system_r:mount_ntfs_t:s0 sgid=0 subj=system_u:system_r:mount_ntfs_t:s0 suid=0 tclass=fifo_file tcontext=system_u:system_r:hald_t:s0 tty=(none) uid=0 Creating a policy module with the rule: allow mount_ntfs_t hald_t:fifo_file write; fixes it, although I still get the following error with the drive attached on bootup: Additional Information Source Context system_u:system_r:fusermount_t Target Context system_u:system_r:hald_t Target Objects pipe:[12929] [ fifo_file ] Affected RPM Packages fuse-2.6.3-2.fc7 [application] Policy RPM selinux-policy-2.6.1-1.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name naboo Platform Linux naboo 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26 10:36:44 EDT 2007 i686 i686 Alert Count 1 First Seen Sun 06 May 2007 14:59:27 BST Last Seen Sun 06 May 2007 14:59:27 BST Local ID 730cae49-322e-4155-9810-6f92a9000e38 Line Numbers Raw Audit Messages avc: denied { write } for comm="fusermount" dev=pipefs egid=0 euid=0 exe="/usr/bin/fusermount" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="[12930]" path="pipe:[12929]" pid=3005 scontext=system_u:system_r:fusermount_t:s0 sgid=0 subj=system_u:system_r:fusermount_t:s0 suid=0 tclass=fifo_file tcontext=system_u:system_r:hald_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): How reproducible: Sometimes Steps to Reproduce: Mount a partition with ntfs-3g, write to it. Actual Results: Expected Results: Additional info:
Fixed in selinux-policy-2.6.4-4.fc7
Should be fixed in the current release