Bug 442074 - can't mount regular filesystems in GNOME under the livecd
can't mount regular filesystems in GNOME under the livecd
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: 442130 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2008-04-11 12:00 EDT by Bill Nottingham
Modified: 2014-03-16 23:13 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-14 09:26:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bill Nottingham 2008-04-11 12:00:35 EDT
Description of problem:

When booting the livecd, my box's /boot shows up both in 'Computer' and in the
'Places' menu. However, clicking on it doesn't do anything, and setroubleshoot says:

Raw Audit Messages :host=localhost.localdomain type=AVC
msg=audit(1207943537.35:16): avc: denied { getattr } for pid=3661
comm="polkit-resolve-" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=process host=localhost.localdomain
type=SYSCALL msg=audit(1207943537.35:16): arch=c000003e syscall=0 success=no
exit=-13 a0=4 a1=1e432f0 a2=fff a3=0 items=0 ppid=2791 pid=3661 auid=4294967295
uid=0 gid=68 euid=0 suid=0 fsuid=0 egid=68 sgid=68 fsgid=68 tty=(none)
ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:hald_t:s0

Version-Release number of selected component (if applicable):

Comment 1 Josef Kubin 2008-04-11 15:09:14 EDT
My proposed fix:

--- serefpolicy-3.3.1/policy/modules/services/hal.te    2008-04-11
21:03:36.000000000 +0200
+++ serefpolicy-3.3.1.myFix/policy/modules/services/hal.te      2008-04-11
21:07:05.000000000 +0200
@@ -152,6 +152,8 @@
Comment 2 petrosyan 2008-04-11 23:12:26 EDT
*** Bug 442130 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2008-04-14 09:26:37 EDT
It is probably better to add

allow hald_t self:process getattr;

Rather then use the interface.

Fixed in selinux-policy-3.3.1-35.fc9

Note You need to log in before you can comment on or make changes to this bug.