Description of problem:
After updating to fuse-2.7.0-3 (and the corresponding libs), the kernel cannot load the ntfs partition at boot time. It loads all other partitions but not the ntfs. I downgraded the ntfs-3g package but this doesn't help. The only solution is to downgrade the fuse package to version 2.6.5. With it, there is no problem. If I try to manually mount the partition from the root account, then it is working ok, even with 2.7.0. The problem exists only during boot time.
Version-Release number of selected component (if applicable):
fuse-2.7.0-3.fc7
fuse-libs-2.7.0-3.fc7
How reproducible:
Update to these packages
Steps to Reproduce: 1. 2. 3.
Actual results:
Expected results:
Additional info:
Here is a link to the fedora forum, where others are having this problem, too: http://forums.fedoraforum.org/forum/showthread.php?t=161979
Hmmm. OK, let me look into this.
Not enough info to answer. Do you belong to group "fuse"? You should provide your settings for SELinux (enabled/disabled) too.
I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I don't see any audit denials either. Can you show me what your /etc/fstab looks like?
(In reply to comment #3)
> I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I
> don't see any audit denials either.
I should point out that I couldn't reproduce this with:
- the fresh F-7 install
- just ntfs-3g and ntfsprogs updated
- also fuse updated
- also fuse-libs updated
- all updates applied
I have all updates applied (also the new kernel) and only the fuse and fuse-libs are downgraded to 2.6.5. Everything works fine and selinux is set to enforcing. No denial message. But when I upgrade to 2.7.0 then I have no denial messages from selinux and during boot I've got a failure from "mounting local filesystems". Then the ntfs partition isn't loaded. When I delete the partition entry from the fstab then it works fine. The entry is:
/dev/sda4 /mnt/win_xp/ ntfs-3g rw,defaults,0 0 0 0
Everything else is from the standard fstab and I've got no messages when mounting the partition manually after boot.
I'll test this when I get into the office on Monday, but in the meantime, try altering your fstab entry to:
/dev/sda4 /mnt/win_xp/ ntfs defaults 1 2
Let me know if that one doesn't automount on boot.
*** Bug 249982 has been marked as a duplicate of this bug. ***
I am still using FC6, but the issue is the exact same there. The change to the fstab was applied by me, but it doesn't change anything. After upgrading the fuse-lib it doesn't mount the ntfs partition at boot time. I didn't apply any update to ntfs-3g. SELinux is set to enforce. After logging in and switching to root the mount succeeds as it should do. I also remember this sort of issue (mounting during boot failed with NTFS partitions, while mounting after login succeeds) being discussed with bug #211767 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211767) and #220732 (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220732), where the issue was related to some SELinux policy. Perhaps a contact to Daniel Walsh (dwalsh) could help to resolve this issue?
A quick way to confirm that this is SELinux would be to set your selinux to "permissive" and reboot (in /etc/sysconfig/selinux).
Created attachment 160192 [details] assembled policy file which resolved the issue on my machine
I should have mentioned it here, but I tried that before posting my last comment. With selinux in permissive mode the mount works fine during boot. I just attached the policy file I created with the help from http://etbe.blogspot.com/2007/03/creating-new-se-linux-policy-module.html and several reboots. On my machine (AMD64 with FC6_x64) it resolved the issue. As I am not exactly an expert on selinux, the policy should be used with care for other people trying it out, but I guess it is still of use for resolving this issue. Maybe some selinux experts are able to provide qualified feedback on this.
OK, I should be able to figure this out on Monday and get the proper fix in the selinux-policy package, thanks!
Afaik, this was fixed in SELinux last week, quite quickly: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249695
Harald, could you attach the avc messages that you used to generate your policy? I am thinking that most of these are unnecessary, and all you really needed was a
mount_domtrans(mount_ntfs_t)
Looking at your policy you have the following:
allow mount_ntfs_t mount_exec_t:file execute;
allow mount_ntfs_t mount_exec_t:file execute_no_trans;
Which shows mount_ntfs_t execing the mount command, and most of the other rules are handled by the mount domain. So the question is, did the avc's get generated by the mount command?
*** This bug has been marked as a duplicate of 249695 ***
Here are my ones:
SELinux: initialized (dev sda4, type fuseblk), uses genfs_contexts
audit(1185708851.381:6): avc: denied { mount } for pid=1361 comm="mount.ntfs-3g" name="/" dev=sda4 ino=1 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem
audit(1185708851.381:10): avc: denied { add_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:11): avc: denied { create } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:12): avc: denied { remove_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:13): avc: denied { rmdir } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
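Added example, not part of the original bug comments: a small Python parser that groups the AVC denials posted in the last comment by source type, target type and object class, and reports which command raised them, so the denials can be compared against the rules in a hand-built policy module. The function names are made up for this example; the sample lines are the ones from the comment.

```python
import re
from collections import defaultdict

# AVC denials copied from the last comment, one record per line.
SAMPLE_LOG = """\
audit(1185708851.381:6): avc: denied { mount } for pid=1361 comm="mount.ntfs-3g" name="/" dev=sda4 ino=1 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem
audit(1185708851.381:10): avc: denied { add_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:11): avc: denied { create } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:12): avc: denied { remove_name } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
audit(1185708851.381:13): avc: denied { rmdir } for pid=1369 comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430 scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Return one dict per well-formed AVC denial; skip other or truncated lines."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        try:
            source = fields["scontext"].split(":")[2]  # user:role:type[:level]
            target = fields["tcontext"].split(":")[2]
            tclass = fields["tclass"]
        except (KeyError, IndexError):
            continue
        denials.append({"perms": m.group(1).split(), "source": source,
                        "target": target, "tclass": tclass,
                        "comm": fields.get("comm", "?")})
    return denials

def candidate_rules(denials):
    """Collapse denials into one allow rule per (source, target, class)."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {source} {target}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOG)
    print("commands:", sorted({d["comm"] for d in found}))
    print("\n".join(candidate_rules(found)))
```

On the posted log this yields two rules, one on fusefs_t:filesystem and one on tmp_t:dir, all raised by comm="mount.ntfs-3g" running in mount_ntfs_t.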