Description of problem:
When SELinux is in enforcing mode, pam_mount is not allowed to mount an encrypted home directory. It is not allowing /bin/mount to run. Strangely, using "su -" to log into the user from root will prompt for the password, then will correctly mount.

Version-Release number of selected component (if applicable):
Initial packages and policies in F8 final

How reproducible:
Every time

Steps to Reproduce:
1. Configure encrypted home directory
2. Edit /etc/security/pam_mount.conf
3. Try to login at console or via GDM

Actual results:
User logs in, but home directory is not mounted

Expected results:
User logs in, and home directory is mounted and accessed

Additional info:
SELinux messages -
* setroubleshoot: #012 SELinux is preventing login (local_login_t) "execute_no_trans" to /bin/mount (mount_exec_t).#012
* setroubleshoot: #012 SELinux is preventing mount.crypt (local_login_t) "execute_no_trans" to /sbin/cryptsetup (lvm_exec_t).#012
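
Added example (not part of the original report and not selinux-policy or setroubleshoot code): a Python parser for setroubleshoot lines in the format quoted above, which groups execute_no_trans denials by source domain to show which programs a domain runs without a domain transition. The function names are hypothetical and the sample input is constructed from the two messages in the report.

```python
import re
from collections import defaultdict

# Constructed sample: the two setroubleshoot messages quoted in the report.
# "#012" is syslog's escape for an embedded newline (octal 012).
SAMPLE = (
    'setroubleshoot: #012 SELinux is preventing login (local_login_t) '
    '"execute_no_trans" to /bin/mount (mount_exec_t).#012\n'
    'setroubleshoot: #012 SELinux is preventing mount.crypt (local_login_t) '
    '"execute_no_trans" to /sbin/cryptsetup (lvm_exec_t).#012\n'
)

DENIAL = re.compile(
    r'SELinux is preventing (?P<comm>\S+) \((?P<source>\w+)\) '
    r'"(?P<perm>\w+)" to (?P<path>\S+) \((?P<target>\w+)\)'
)

def parse_denials(text):
    """Return one dict per setroubleshoot denial found in syslog text."""
    found = []
    for line in text.splitlines():
        line = line.replace('#012', ' ')      # undo syslog newline escaping
        line = re.sub(r'\s+', ' ', line)      # collapse runs of whitespace
        match = DENIAL.search(line)
        if match:
            found.append(match.groupdict())
    return found

def missing_transitions(denials):
    """Group execute_no_trans denials by source domain.

    execute_no_trans is the permission checked when a process executes a
    file and stays in its own domain, so a denial here means no domain
    transition took place and the caller may not run the file as itself.
    """
    gaps = defaultdict(set)
    for d in denials:
        if d['perm'] == 'execute_no_trans':
            gaps[d['source']].add((d['path'], d['target']))
    return {src: sorted(pairs) for src, pairs in gaps.items()}

if __name__ == '__main__':
    for src, pairs in missing_transitions(parse_denials(SAMPLE)).items():
        for path, ttype in pairs:
            print(f'{src} runs {path} ({ttype}) without a domain transition')
```
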
Created attachment 253391: AVCs from when I try to log into the user with encrypted home directory
Created attachment 253451: More complete AVCs with additional audit messages
If you turn on the boolean allow_polyinstantiation, this should work. I will make mount_domtrans the default in the next version.

setsebool -P allow_polyinstantiation=1

Fixed in selinux-policy-3.0.8-51.fc8
Bulk closing old selinux policy bugs that were in the modified state. If the bug is still not fixed, please reopen.