type=1400 audit(1211930671.516:7): avc: denied { sys_module } for pid=2818 comm="mount.gfs2" capability=16 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=capability
Grrr, having the mount command able to load system modules is just wrong... Can't we just have the kernel realize there are gfs2 file systems around and load the module? If I allow this, it would give all confined domains that need to mount stuff the ability to load kernel modules.
Steve, what can we do to get these modules to auto load when we try to mount a gfs filesystem (without doing it in mount.gfs2)?
The modules do autoload when we mount a gfs2 filesystem. The problem is that mount.gfs2 requires the lock_dlm module to be loaded _before_ we mount the filesystem.
*** This bug has been marked as a duplicate of 435945 ***
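A triage sketch for the denial at the top of this report, added here as an example and not code from the bug or from any SELinux tool: it parses AVC records and flags denied capability requests for sys_module, reporting which domain asked. The function names, the HIGH_RISK_CAPS set and the second log line are constructed for illustration.

```python
import re

AVC_RE = re.compile(
    r"type=(?P<type>\S+) (?:msg=)?audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Capability permissions this example treats as kernel-altering (its own choice).
HIGH_RISK_CAPS = {"sys_module"}

# First line is the record from this report; the second is constructed.
SAMPLE_LOG = [
    'type=1400 audit(1211930671.516:7): avc: denied { sys_module } for pid=2818 '
    'comm="mount.gfs2" capability=16 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 '
    'tcontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tclass=capability',
    'type=1400 audit(1211930700.100:9): avc: denied { read } for pid=2900 '
    'comm="cat" name="passwd" scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file',
]

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    rec["result"] = m.group("result")
    rec["perms"] = m.group("perms").split()
    return rec

def domain(context):
    """Type field of user:role:type:level; the level itself may contain ':'."""
    return context.split(":")[2]

def flag_module_load(line):
    """Report a denied high-risk capability request, or None for anything else."""
    rec = parse_avc(line)
    if not rec or rec["result"] != "denied" or rec.get("tclass") != "capability":
        return None
    risky = sorted(HIGH_RISK_CAPS.intersection(rec["perms"]))
    if not risky:
        return None
    return {"domain": domain(rec["scontext"]), "comm": rec.get("comm"),
            "pid": rec.get("pid"), "caps": risky}

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(flag_module_load(entry))
```

A hit on mount_t is the case discussed above: granting it in policy would extend module loading to every caller that runs in that domain, not only mount.gfs2.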