Red Hat Bugzilla – Bug 426785
pam_mount cannot mount encrypted volumes with SELinux enabled
Last modified: 2008-08-02 19:40:36 EDT
Description of problem:
If SELinux is in enforcing mode, pam_mount cannot mount encrypted volumes during
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install pam_mount, set up encrypted volumes with cryptsetup luksFormat using
joe's login password, and add something like this in /etc/security/pam_mount.conf:
volume joe crypt - /dev/vg1/home-joe /home/joe noatime - -
volume joe crypt - /dev/vg1/pgsql-data /var/lib/pgsql/data noatime - -
2. Log in as user joe
3. Neither the home directory nor /var/lib/pgsql/data is mounted
/var/log/messages contains entries about SELinux denying various mount operations.
pam_mount should work with the targeted SELinux policy.
Attached are the AVC messages, and a SELinux module generated with audit2allow,
with which pam_mount works.
Created attachment 290404
avc denied messages
Created attachment 290405
SELinux module generated with audit2allow
Hey Daniel, can you maybe help here? Pam_mount already contains some SELinux
files; should I just append attachment #290405 there, or would you like to add the
policy for pam_mount to the big policy?
This should be fixed in