Bug 433804 - initscript throws AVC, fails to mount fuse control filesystem
initscript throws AVC, fails to mount fuse control filesystem
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: fuse (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Lemenkov
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-21 10:37 EST by Tom London
Modified: 2008-02-22 10:20 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-22 10:20:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom London 2008-02-21 10:37:17 EST
Description of problem:
After installing fuse-2.7.3-1.fc9.i386, on reboot I get:

Feb 21 07:13:51 localhost kernel: SELinux: initialized (dev fusectl, type
fusectl), not configured for labeling
Feb 21 07:13:51 localhost kernel: printk: 1 messages suppressed.
Feb 21 07:13:51 localhost kernel: type=1400 audit(1203606830.737:4): avc: 
denied  { mount } for  pid=2145 comm="mount" name="/" dev=fusectl ino=1
scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0
tclass=filesystem
Feb 21 07:13:51 localhost kernel: SELinux: initialized (dev fusectl, type
fusectl), not configured for labeling
Feb 21 07:13:51 localhost kernel: type=1400 audit(1203606830.742:5): avc: 
denied  { mount } for  pid=2145 comm="mount" name="/" dev=fusectl ino=1
scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0
tclass=filesystem
Feb 21 07:13:52 localhost auditd[2189]: Started dispatcher: /sbin/audispd pid: 2191

Not sure if it is related, but I have a ntfs-3g file system mounted in
/etc/fstab before the initscript runs.

Version-Release number of selected component (if applicable):
fuse-2.7.3-1.fc9.i386

How reproducible:
every reboot

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tom London 2008-02-21 10:47:34 EST
Booting with "enforcing=0" allows the "fuse control filesystem" mount to
succeed, but produces the same AVC.

Suspect shutdown throws an umount AVC as well.....
Comment 2 Daniel Walsh 2008-02-22 10:20:17 EST
Fixed in selinux-policy-3.2.9-2.fc9

Note You need to log in before you can comment on or make changes to this bug.