First Last Prev Next    This bug is not in your last search results.
Bug 442074 - can't mount regular filesystems in GNOME under the livecd
can't mount regular filesystems in GNOME under the livecd
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
: 442130 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-11 12:00 EDT by Bill Nottingham
Modified: 2014-03-16 23:13 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-14 09:26:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Bill Nottingham 2008-04-11 12:00:35 EDT 
Description of problem:

When booting the livecd, my box's /boot shows up both in 'Computer' and in the
'Places' menu. However, clicking on it doesn't do anything, and setroubleshoot says:

Raw Audit Messages :host=localhost.localdomain type=AVC
msg=audit(1207943537.35:16): avc: denied { getattr } for pid=3661
comm="polkit-resolve-" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=process host=localhost.localdomain
type=SYSCALL msg=audit(1207943537.35:16): arch=c000003e syscall=0 success=no
exit=-13 a0=4 a1=1e432f0 a2=fff a3=0 items=0 ppid=2791 pid=3661 auid=4294967295
uid=0 gid=68 euid=0 suid=0 fsuid=0 egid=68 sgid=68 fsgid=68 tty=(none)
ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:hald_t:s0
key=(null) 


Version-Release number of selected component (if applicable):

selinux-policy-3.3.1-33.fc9
Comment 1 Josef Kubin 2008-04-11 15:09:14 EDT 
My proposed fix:

--- serefpolicy-3.3.1/policy/modules/services/hal.te    2008-04-11
21:03:36.000000000 +0200
+++ serefpolicy-3.3.1.myFix/policy/modules/services/hal.te      2008-04-11
21:07:05.000000000 +0200
@@ -152,6 +152,8 @@
 fs_list_auto_mountpoints(hald_t)
 files_getattr_all_mountpoints(hald_t)
 
+hal_getattr(hald_t)
+
 mls_file_read_all_levels(hald_t)
 
 selinux_get_fs_mount(hald_t)
Comment 2 petrosyan 2008-04-11 23:12:26 EDT 
*** Bug 442130 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2008-04-14 09:26:37 EDT 
It is probably better to add

allow hald_t self:process getattr;

Rather then use the interface.

Fixed in selinux-policy-3.3.1-35.fc9
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.