Bug 249835 - fuse-2.7.0-3.fc7 doesn't load ntfs-3g during kernel boot
fuse-2.7.0-3.fc7 doesn't load ntfs-3g during kernel boot
Status: CLOSED DUPLICATE of bug 249695
Product: Fedora
Classification: Fedora
Component: fuse (Show other bugs)
7
i686 Linux
low Severity medium
: ---
: ---
Assigned To: Tom "spot" Callaway
Fedora Extras Quality Assurance
:
: 249982 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-27 08:21 EDT by Joshua Covington
Modified: 2007-11-30 17:12 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-07-30 13:45:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
assembled policy file which resolved the issue on my machine (3.01 KB, text/plain)
2007-07-29 10:28 EDT, Harald
no flags Details

  None (edit)
Description Joshua Covington 2007-07-27 08:21:24 EDT
Description of problem:
after updating to fuse-2.7.0-3 (and the corresponding libs), the kernel cannot
load the ntfs partiotion at boot time. it loads all other partitions but not the
ntfs. i downgraded the ntfs-3g package but this doesn't help. the only solution
is to dongrade the fuse package to version 2.6.5. with it, there is no problem.

it i try to manually mount the partition from the root account, then it is
working ok,even with 2.7.0. the problem exist only during boot-time.

Version-Release number of selected component (if applicable):
fuse-2.7.0-3.fc7
fuse-libs-2.7.0-3.fc7


How reproducible:
update to these packages


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

here is a link to the fedora forum, where other are having this problem, too:
http://forums.fedoraforum.org/forum/showthread.php?t=161979
Comment 1 Tom "spot" Callaway 2007-07-27 08:30:43 EDT
Hmmm. OK, let me look into this.
Comment 2 Peter Lemenkov 2007-07-27 08:33:32 EDT
Not enough info to answer.
Are you belong to group "fuse"?
You should provide your settings for SElinux (enabled/disabled) too.
Comment 3 Tom "spot" Callaway 2007-07-27 15:53:55 EDT
I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I
don't see any audit denials either.

Can you show me what your /etc/fstab looks like?
Comment 4 Tom "spot" Callaway 2007-07-27 16:08:22 EDT
(In reply to comment #3)
> I can't reproduce this on a fresh F-7 i386 install, selinux set to permissive. I
> don't see any audit denials either.

I should point out that I couldn't reproduce this with:

- the fresh F-7 install
- just ntfs-3g and ntfsprogs updated
- also fuse updated
- also fuse-libs updated
- all updates applied
Comment 5 Joshua Covington 2007-07-28 12:55:55 EDT
i have all updates applied (also the new kernel) and only the fuse and fuse-libs
are downgraded to 2.6.5. everything works fine and selinux is set to enforcing.
no denial message. but when i upgrade to 2.7.0 then i have no denial messages
from selinux and during boot i've got a failure from "mounting local
filesystems". then the ntfs partition isn't loaded. when i delete the partition
entry from the fstab then it works fine.
the entry is: /dev/sda4 /mnt/win_xp/   ntfs-3g rw,defaults,0 0 0 0
everything else is from the standard fstab and i've got no messages when
mounting the partition manually after boot.
Comment 6 Tom "spot" Callaway 2007-07-28 13:02:13 EDT
I'll test this when I get into the office on monday, but in the meantime, try
altering your fstab entry to:

/dev/sda4 /mnt/win_xp/ ntfs defaults 1 2

Let me know if that one doesn't automount on boot.
Comment 7 Ignacio Vazquez-Abrams 2007-07-28 18:22:20 EDT
*** Bug 249982 has been marked as a duplicate of this bug. ***
Comment 8 Harald 2007-07-29 06:26:04 EDT
I am still using FC6, but the issue is the exact same there, the change to the
fstab was applied by me, but it doesn't change anything.

After upgrading the fuse-lib it doesn't mount ntfs partition at boot time. I
didn't apply any update to ntfs-3g. SE-Linux is set to enforce.

After logging in and switching to root the mount succeeds as it should do. I
also remember this sort of issue (mounting during boot failed with NTFS
parttions, while mounting after login suceeds) being discussed with bug #211767
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211767) and #220732
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220732), where the issue
was related to some SE_Linux policy. Perhaps a contact to Daniel Walsh
(dwalsh@redhat.com) could help to resolve this issue?
Comment 9 Tom "spot" Callaway 2007-07-29 08:53:59 EDT
A quick way to confirm that this is SELinux would be to set your selinux to
"permissive" and reboot (in /etc/sysconfig/selinux).

Comment 10 Harald 2007-07-29 10:28:57 EDT
Created attachment 160192 [details]
assembled policy file which resolved the issue on my machine
Comment 11 Harald 2007-07-29 10:34:37 EDT
I should have mentioned it here, but i tried that before posting my last
comment. With selinux in permissive mode the mount works fine during boot.

I just attached the policy file i created with the help from
http://etbe.blogspot.com/2007/03/creating-new-se-linux-policy-module.html and
several reboots.

On my machine (AMD64 with FC6_x64) it resolved the issue. As i am not exactly an
expert on selinux, the policy should be used with care for other people trying
it out, but i guess it is still of use for resolving this issue. Maybe some
selinux experts are able to provide qualified feedback on this.
Comment 12 Tom "spot" Callaway 2007-07-29 11:07:29 EDT
OK, I should be able to figure this out on Monday and get the proper fix in the
selinux-policy package, thanks!
Comment 13 Szabolcs Szakacsits 2007-07-30 10:05:37 EDT
Afaik, this was fixed in SELinux last week, quite quickly:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249695
Comment 14 Daniel Walsh 2007-07-30 10:28:05 EDT
harald, 

Could you attach the avc messages, that you used to generate your policy.  I am
thinking that most of these are unnecessary, and all you really needed was a 

mount_domtrans(mount_ntfs_t)

Looking at your policy you have the following
allow mount_ntfs_t mount_exec_t:file execute;
allow mount_ntfs_t mount_exec_t:file execute_no_trans;

Which shows mount_ntfs_t execing the mount command and most of the other rules
are handled by the mount domain.

So the question, is did the avc's get generated by the mount command

Comment 15 Tom "spot" Callaway 2007-07-30 13:45:33 EDT

*** This bug has been marked as a duplicate of 249695 ***
Comment 16 Joshua Covington 2007-07-30 15:57:24 EDT
here are my ones:

SELinux: initialized (dev sda4, type fuseblk), uses genfs_contexts
audit(1185708851.381:6): avc:  denied  { mount } for  pid=1361
comm="mount.ntfs-3g" name="/" dev=sda4 ino=1
scontext=system_u:system_r:mount_ntfs_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=filesystem
audit(1185708851.381:10): avc:  denied  { add_name } for  pid=1369
comm="mount.ntfs-3g" name="fusermountiX3ckE"
scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0
tclass=dir
audit(1185708851.381:11): avc:  denied  { create } for  pid=1369
comm="mount.ntfs-3g" name="fusermountiX3ckE"
scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0
tclass=dir
audit(1185708851.381:12): avc:  denied  { remove_name } for  pid=1369
comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430
scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0
tclass=dir
audit(1185708851.381:13): avc:  denied  { rmdir } for  pid=1369
comm="mount.ntfs-3g" name="fusermountiX3ckE" dev=sda2 ino=2503430
scontext=system_u:system_r:mount_ntfs_t:s0 tcontext=system_u:object_r:tmp_t:s0
tclass=dir

Note You need to log in before you can comment on or make changes to this bug.