Description of problem: Inserted thumb drive. Then unmounted using Gnome right-click menu to "unmount". Selinux alert box popped up. Text is: Summary: SELinux prevented umount from mounting on the file or directory "/media/.hal-mtab-lock" (type "mnt_t"). Detailed Description: SELinux prevented umount from mounting a filesystem on the file or directory "/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting of filesystems to only some files or directories (those with types that have the mountpoint attribute). The type "mnt_t" does not have this attribute. You can either relabel the file or directory or set the boolean "allow_mount_anyfile" to true to allow mounting on any file or directory. Allowing Access: Changing the "allow_mount_anyfile" boolean to true will allow this access: "setsebool -P allow_mount_anyfile=1." Fix Command: setsebool -P allow_mount_anyfile=1 Additional Information: Source Context system_u:system_r:mount_t:s0 Target Context system_u:object_r:mnt_t:s0 Target Objects /media/.hal-mtab-lock [ file ] Source umount Source Path /bin/umount Port <Unknown> Host localhost.localdomain Source RPM Packages util-linux-ng-2.13.1-6.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-55.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name allow_mount_anyfile Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25.3-18.fc9.i686 #1 SMP Tue May 13 05:38:53 EDT 2008 i686 i686 Alert Count 2 First Seen Mon 02 Jun 2008 09:04:06 PM EDT Last Seen Mon 02 Jun 2008 09:05:22 PM EDT Local ID db2b7bc8-f9d8-483d-81fb-211b2aef6c1d Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1212455122.644:57): avc: denied { read write } for pid=3475 comm="umount" path="/media/.hal-mtab-lock" dev=dm-0 ino=8314883 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=file host=localhost.localdomain type=SYSCALL msg=audit(1212455122.644:57): arch=40000003 syscall=11 success=yes exit=0 a0=804b14d a1=bfb486e0 a2=bfb48c5c a3=804b14d items=0 ppid=3474 pid=3475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="umount" exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null) Version-Release number of selected component (if applicable): Full fresh install of F9, plus all updates applied as of this date. How reproducible: Totally. Every time I insert and then unmount it. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Follow up: I did try: setsebool -P allow_mount_anyfile=1 But that didn't fix it. Same error message pops up in the setroubleshooter browswer.
I have this problem when I try to umount my 8G Lexar thumbdrive, and so do users with bug 449873 and bug 449719 apparently. The problem occurs with both a manual 'umount /media/Lexar' and right-clicking to umount through Gnome's file browser. Judging from the text of the error, SELinux seems to think that umount is trying to mount a directory on .hal-mtab-lock.
*** This bug has been marked as a duplicate of 447195 ***