Description of problem:
SELinux denies access to disk without AVC. There are three disks. See the attachment. FC9 is installed on the 200 GB disk sdb. On disk sda (120 GB) there are two partitions (_tonlist and _ymislegt) which were created with an older version of Fedora (FC7). FC8 has no problem showing and reading them. In FC9 preview with all updates it is only possible to access the partitions on sda in permissive mode. After rebooting, the partitions are visible in Nautilus. When clicking on them in enforcing mode, nothing happens. There is no AVC warning. When SELinux is changed to permissive mode, it is possible to access the files on disk sda (_tonlist and _ymislegt).

Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-35.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install FC9 preview, update all.
2. In Nautilus, as user, click on the visible partitions on sda (_tonlist and _ymislegt). Nothing happens. No AVC warning.
3. Change SELinux to permissive mode. In Nautilus, click on the visible partitions on sda (_tonlist and _ymislegt). Then Nautilus shows the content of sda (_tonlist and _ymislegt).
(The same effect is possible if you log out the user, log in as root, repeat step 2, then log root out and the user in. Then the user can see sda as root could.)

Actual results:
In step 2 nothing happens.

Expected results:
In step 2, as in FC8, FC9 should show the content on the separate disk.

Additional info:
See bug 442823 also. FC9 has always behaved in this way. I am pretty sure. In SELinux there is no rule for "system_u:object_r:default_t:s0" files on disk sda (_tonlist).
Created attachment 303831: fdisk and ll for /media
In a terminal, can you execute id -Z?
I was on vacation. Yes. But still no AVC and access to disk.
[floki@localhost ~]$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[floki@localhost ~]$
[root@localhost ~]# id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@localhost ~]#
semodule -DB will turn off all dontaudit rules; see if AVCs are generated then. semodule -B will turn them back on.
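With dontaudit rules switched off as described in the comment above, denials that were previously silent are written to the audit log as AVC records. The following is an added example, not part of the original thread: a shell function that condenses AVC denial records from stdin into one counted line per source type, target type, class and permission set. The sample records are constructed for illustration and are not taken from this bug; the log path in the comment assumes auditd is running.

```shell
#!/bin/sh
# Added example. Summarize SELinux AVC denials read from stdin.
# Assumed use on a real system (as root), between `semodule -DB` and `semodule -B`:
#   avc_summary < /var/log/audit/audit.log
avc_summary() {
    awk '
    function field(key,    i, v) {
        # value of the key=value token on the current record, quotes stripped
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "?"
    }
    function setype(ctx,    p) {
        # user:role:type:level -> type
        if (split(ctx, p, ":") >= 3) return p[3]
        return ctx
    }
    /type=AVC/ && /denied/ {
        # permission list sits between the braces
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        gsub(/ +/, ",", perms)
        key = field("comm") " {" perms "} " setype(field("scontext")) \
              " -> " setype(field("tcontext")) ":" field("tclass")
        if (!(key in count)) order[++n] = key
        count[key]++
    }
    END {
        for (i = 1; i <= n; i++) printf "%d %s\n", count[order[i]], order[i]
    }'
}

# Constructed sample records (not from this bug report).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1209000000.101:41): avc:  denied  { read } for  pid=2801 comm="hald" name="/" dev=sda1 ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1209000000.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="hald"
type=AVC msg=audit(1209000007.530:44): avc:  denied  { read } for  pid=2915 comm="hald" name="/" dev=sda1 ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1209000012.007:47): avc:  denied  { getattr } for  pid=3002 comm="updatedb" path="/media/disk" dev=sda1 ino=2 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1209000015.220:49): avc:  granted  { load_policy } for  pid=3050 comm="load_policy" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
}

sample_log | avc_summary
```

If the summary stays empty even with dontaudit rules disabled, as the reporter describes, the failure is probably not an SELinux policy denial of the kind that produces AVC records.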
After
[root@localhost ~]# semodule -DB
then click on /boot in Places in Nautilus
( /dev/sdb1 194442 19592 164811 11% /boot )
there is no AVC and no access.
PS: Disk /dev/sda: 120.0 GB is now corrupt.
Hard to say, it looks like gremlins or ghosts in your box ... Is it somehow reliably reproducible? i.e.:
1) make partition(s) and format your 120GB hard drive or `# fsck.ext3 /dev/sdb`
2) mount it
3) # setenforce 0; setenforce 1;
4) ... (# semodule -DB; semodule -B)
5) a corruption of HDD has occurred
6) --> 1)
Thank you!
I would say you are having far more problems than just SELinux. semodule -DB is just rebuilding and reloading policy; it should not corrupt the disk. I think your disk is going haywire.
Yes, I believe that SELinux is not related to the corruption of the HDD. Now I can see the 120 GB disk in FC9 Nautilus in the Places column. In FC8 it is possible to access the 120 GB disk. How the disk became readable again I don't know. (I mounted something in FC8.) In FC9 it is not possible to access the disk.
3) # setenforce 0; setenforce 1;
4) ... (# semodule -DB; semodule -B)
5) a corruption of HDD has occurred - corruption does not happen
6) --> 1)
The corruption (?) of the disk is not related to SELinux. Now, when in permissive mode, it is possible to access _tonlist (on the 120 GB disk). Steps 3 and 4 do not give access to the disk (_tonlist) or an AVC.
See the attachment of the error from when it was not possible to access the disk.
Created attachment 304694: mount problem