Description of problem: Latest fuse update (fuse-2.7.3-2.fc8) now runs an initscript. With selinux, this fails. Version-Release number of selected component (if applicable): fuse-2.7.3-2.fc8 selinux-policy-3.0.8-87.fc8 How reproducible: Always Steps to Reproduce: [root@plum ~]# /etc/rc.d/init.d/fuse start Actual results: Loading fuse module. Mounting fuse control filesystem failed! fusectl not mounted Expected results: No error Additional info: mount -t fusectl fusectl /sys/fs/fuse/connections works. strace -f on the initscript call shows the failing call is 4047 mount("fusectl", "/sys/fs/fuse/connections", "fusectl"..., MS_MGC_VAL, NULL) = -1 EACCES (Permission denied) sealert applet says: Summary: SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). Detailed Description: SELinux denied access requested by mount. It is not expected that this access is required by mount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:mount_t:s0 Target Context system_u:object_r:unlabeled_t:s0 Target Objects / [ filesystem ] Source mount Source Path /bin/mount Port <Unknown> Host plum.home Source RPM Packages util-linux-ng-2.13.1-1.fc8 Target RPM Packages filesystem-2.4.11-1.fc8 Policy RPM selinux-policy-3.0.8-87.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name plum.home Platform Linux plum.home 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:21:30 EST 2008 x86_64 x86_64 Alert Count 4 First Seen Thu 13 Mar 2008 22:35:48 EST Last Seen Thu 13 Mar 2008 22:37:39 EST Local ID 35c4e379-a969-48c6-b501-05836c7bced1 Line Numbers Raw Audit Messages host=plum.home type=AVC msg=audit(1205408259.985:53): avc: denied { mount } for pid=4047 comm="mount" name="/" dev=fusectl ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem host=plum.home type=SYSCALL msg=audit(1205408259.985:53): arch=c000003e syscall=165 success=no exit=-13 a0=2aaaaacd9d10 a1=2aaaaacdb0d0 a2=2aaaaacdb100 a3=ffffffffc0ed0001 items=0 ppid=4032 pid=4047 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
I am experiencing the same problem.
*** Bug 437420 has been marked as a duplicate of this bug. ***
I have the same problem.
Same here. Worked around with: # grep mount /var/log/messages | audit2allow -M mymount # semodule -i mymount.pp
I confirm the bug
This is probably a problem with SELinux policy - could the reporter reassigned the bug to the selinux-policy component, please? This should ensure it's dealt with promptly.
Actually I just reported this as a bug against SElinux before I stumbled across this report. https://bugzilla.redhat.com/show_bug.cgi?id=437634 Will mark this bug as a duplicate of 437634 even though this bug was reported first. *** This bug has been marked as a duplicate of 437634 ***
I got this exact same problem after the last system update. during system boot i get, fuse control file system failure