Description of problem:
If SELinux is in enforcing mode, pam_mount cannot mount encrypted volumes during login.

Version-Release number of selected component (if applicable):
pam_mount-0.18-2.fc8
selinux-policy-targeted-3.0.8-69.fc8

How reproducible:
always

Steps to Reproduce:
1. Install pam_mount, set up encrypted volumes with cryptsetup luksFormat using joe's login password, and add something like this in /etc/security/pam_mount.conf:
    volume joe crypt - /dev/vg1/home-joe /home/joe noatime - -
    volume joe crypt - /dev/vg1/pgsql-data /var/lib/pgsql/data noatime - -
2. Log in as user joe
3. Neither the home directory nor /var/lib/pgsql/data is mounted

Actual results:
/var/log/messages contains entries about SELinux denying various mount operations.

Expected results:
pam_mount should work with the targeted SELinux policy.

Additional info:
Attached are the AVC messages, and a SELinux module generated with audit2allow, with which pam_mount works.
Created attachment 290404: avc denied messages
Created attachment 290405: SELinux module generated with audit2allow
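The step the report describes, turning logged AVC denials into a policy module, is what audit2allow automates. As an added example (not the reporter's attachment and not audit2allow's own code), this Python script groups denials into the `allow` rules a reviewer would read before loading such a module; the log lines and the SELinux types in them are constructed for illustration, not taken from attachment 290404.

```python
import re
from collections import defaultdict

# Constructed sample denials (NOT the bug's attachment); types are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1200000000.101:41): avc:  denied  { read write } for  pid=2101 comm="mount" name="control" dev=tmpfs ino=811 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=AVC msg=audit(1200000000.102:42): avc:  denied  { ioctl } for  pid=2101 comm="mount" name="control" dev=tmpfs ino=811 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file
type=AVC msg=audit(1200000000.250:43): avc:  denied  { execute } for  pid=2104 comm="login" name="cryptsetup" dev=dm-0 ino=5123 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1200000000.250:43): arch=40000003 syscall=11 success=no exit=-13
"""

# Permissions, source context, target context and object class of one denial.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def selinux_type(context):
    # A context is user:role:type[:mls-range]; the type is the third field.
    return context.split(":")[2]

def collect_denials(log_text):
    """Merge denials into {(source_type, target_type, class): {perms}}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (SYSCALL, PATH, ...) are skipped
            key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return rules

def render_rules(rules):
    """Render merged denials as type-enforcement allow rules, sorted."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {perm_txt};")
    return out

if __name__ == "__main__":
    for rule in render_rules(collect_denials(SAMPLE_LOG)):
        print(rule)
```

Each rendered rule widens what the source domain may do system-wide, so the list is worth reading line by line before the module is compiled and loaded.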
Hey Daniel, can you maybe help here? Pam_mount already contains some SELinux files; should I just append attachment #290405 there, or would you like to add the policy for pam_mount to the big policy?
This should be fixed in selinux-policy-3.0.8-74.fc8