Description of problem: As in title really. I created squashfs filesystem in a file with mksquashfs and then copied it to LVM volume with dd. Then I added the following line to /etc/auto.misc: C4 -fstype=squashfs,ro :/dev/triss2/C4 where /dev/triss2/C4 is logical volume with squashfs. Mounting manually works: triss:~# mount -t squashfs -r /dev/triss2/C4 /mnt/ triss:~# ls /mnt/ bin etc initrd media net proc selinux tftpboot var boot halt lib misc nfs root srv tmp dev home lost+found mnt opt sbin sys usr triss:~# umount /mnt/ But accessing by /misc/C4 does not: triss:~# env LANG=C ls /misc/C4 ls: /misc/C4: No such file or directory setroubleshoot logs a message: Oct 5 08:25:04 triss kernel: SELinux: initialized (dev dm-9, type squashfs), no t configured for labeling Oct 5 08:25:06 triss setroubleshoot: SELinux is preventing /bin/mount (mou nt_t) "mount" to / (unlabeled_t). For complete SELinux messages. run sealer t -l 5b1fb67a-1dea-4836-9a7d-3c87bf946790 and sealert shows: triss:~# sealert -l 5b1fb67a-1dea-4836-9a7d-3c87bf946790 Summary SELinux is preventing /bin/mount (mount_t) "mount" to / (unlabeled_t). Detailed Description SELinux denied access requested by /bin/mount. It is not expected that this access is required by /bin/mount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:mount_t Target Context system_u:object_r:unlabeled_t Target Objects / [ filesystem ] Affected RPM Packages util-linux-2.13-0.44.el5 [application]filesystem-2.4.0-1.el5.centos [target] Policy RPM selinux-policy-2.4.6-30.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name triss Platform Linux triss 2.6.18-8.1.14.el5xen #1 SMP Thu Sep 27 20:59:55 EDT 2007 i686 i686 Alert Count 2 Line Numbers Raw Audit Messages avc: denied { mount } for comm="mount" dev=dm-9 egid=0 euid=0 exe="/bin/mount" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=28402 scontext=user_u:system_r:mount_t:s0 sgid=0 subj=user_u:system_r:mount_t:s0 suid=0 tclass=filesystem tcontext=system_u:object_r:unlabeled_t:s0 tty=(none) uid=0 Setting selinux to permissive mitigates this problem. Version-Release number of selected component (if applicable): kernel-xen-2.6.18-8.1.14.el5 squashfs-tools-3.0-4 selinux-policy-targeted-2.4.6-30.el5 autofs-5.0.1-0.rc2.43.0.2 How reproducible: always Actual results: Cannot mount squashfs logical volume using autofs Expected results: Can mount squashfs logical volume using autofs Additional info: I've found it on CENTOS5, not RHEL5.
Fixed in selinux-policy-2.4.6-105