Bug 449873 - SELinux prevented umount from mounting on the file or directory "/media/.hal-mtab-lock" (type "mnt_t").
Summary: SELinux prevented umount from mounting on the file or directory "/media/.hal-...
Keywords:
Status: CLOSED DUPLICATE of bug 447195
Alias: None
Product: Fedora
Classification: Fedora
Component: hal
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-04 01:28 UTC by Jon Dufresne
Modified: 2013-03-06 03:56 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-06-04 15:29:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Jon Dufresne 2008-06-04 01:28:30 UTC 
Description of problem:
Often times when I unmount my digital camera by right clicking on the volume
icon on the nautilus desktop I will get a SELinux error that reads as the text
below.

Summary:

SELinux prevented umount from mounting on the file or directory
"/media/.hal-mtab-lock" (type "mnt_t").

Detailed Description:

SELinux prevented umount from mounting a filesystem on the file or directory
"/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting
of filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "mnt_t" does not have this attribute. You can
either relabel the file or directory or set the boolean "allow_mount_anyfile" to
true to allow mounting on any file or directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

Fix Command:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t
Target Context                system_u:object_r:mnt_t
Target Objects                /media/.hal-mtab-lock [ file ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          thedude.lebowski
Source RPM Packages           util-linux-ng-2.13.1-6.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     thedude.lebowski
Platform                      Linux thedude.lebowski 2.6.25.3-18.fc9.i686 #1 SMP
                              Tue May 13 05:38:53 EDT 2008 i686 i686
Alert Count                   5
First Seen                    Sun 01 Jun 2008 01:13:45 PM EDT
Last Seen                     Tue 03 Jun 2008 09:18:32 PM EDT
Local ID                      76bf61a2-04c7-4e9b-b7dd-f6aee13edb9a
Line Numbers                  

Raw Audit Messages            

host=thedude.lebowski type=AVC msg=audit(1212542312.532:37): avc:  denied  {
read write } for  pid=5587 comm="umount" path="/media/.hal-mtab-lock" dev=dm-0
ino=688652 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file

host=thedude.lebowski type=SYSCALL msg=audit(1212542312.532:37): arch=40000003
syscall=11 success=yes exit=0 a0=804b14d a1=bff5ecc0 a2=bff5f23c a3=804b14d
items=0 ppid=5586 pid=5587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="umount" exe="/bin/umount"
subj=system_u:system_r:mount_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-04 15:29:20 UTC 

*** This bug has been marked as a duplicate of 447195 ***
Note You need to log in before you can comment on or make changes to this bug.