Bug 442074 - can't mount regular filesystems in GNOME under the livecd
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Duplicates: 442130
Reported: 2008-04-11 16:00 UTC by Bill Nottingham
Modified: 2014-03-17 03:13 UTC

Last Closed: 2008-04-14 13:26:37 UTC

Description Bill Nottingham 2008-04-11 16:00:35 UTC
Description of problem:

When booting the livecd, my box's /boot shows up both in 'Computer' and in the
'Places' menu. However, clicking on it doesn't do anything, and setroubleshoot says:

Raw Audit Messages :host=localhost.localdomain type=AVC
msg=audit(1207943537.35:16): avc: denied { getattr } for pid=3661
comm="polkit-resolve-" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=process host=localhost.localdomain
type=SYSCALL msg=audit(1207943537.35:16): arch=c000003e syscall=0 success=no
exit=-13 a0=4 a1=1e432f0 a2=fff a3=0 items=0 ppid=2791 pid=3661 auid=4294967295
uid=0 gid=68 euid=0 suid=0 fsuid=0 egid=68 sgid=68 fsgid=68 tty=(none)
ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:hald_t:s0
key=(null) 


Version-Release number of selected component (if applicable):

selinux-policy-3.3.1-33.fc9

Comment 1 Josef Kubin 2008-04-11 19:09:14 UTC
My proposed fix:

--- serefpolicy-3.3.1/policy/modules/services/hal.te    2008-04-11
21:03:36.000000000 +0200
+++ serefpolicy-3.3.1.myFix/policy/modules/services/hal.te      2008-04-11
21:07:05.000000000 +0200
@@ -152,6 +152,8 @@
 fs_list_auto_mountpoints(hald_t)
 files_getattr_all_mountpoints(hald_t)
 
+hal_getattr(hald_t)
+
 mls_file_read_all_levels(hald_t)
 
 selinux_get_fs_mount(hald_t)
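
Review bot: The added `hal_getattr(hald_t)` line calls a hal_-prefixed interface on hald_t from inside hal.te, while the denial in the description has hald_t as both scontext and tcontext (tclass=process, getattr), so the access being fixed is the domain acting on itself. A local rule scoped to self, `allow hald_t self:process getattr;`, states exactly that one permission, whereas the definition of hal_getattr is not part of this patch, so what it grants cannot be checked from the hunk. Please either use the self rule or include the interface definition with the patch.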


Comment 2 petrosyan 2008-04-12 03:12:26 UTC
*** Bug 442130 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2008-04-14 13:26:37 UTC
It is probably better to add

allow hald_t self:process getattr;

Rather than use the interface.

Fixed in selinux-policy-3.3.1-35.fc9

