Bug 449873 - SELinux prevented umount from mounting on the file or directory "/media/.hal-mtab-lock" (type "mnt_t").
SELinux prevented umount from mounting on the file or directory "/media/.hal-...
Status: CLOSED DUPLICATE of bug 447195
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-03 21:28 EDT by Jon Dufresne
Modified: 2013-03-05 22:56 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-04 11:29:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jon Dufresne 2008-06-03 21:28:30 EDT
Description of problem:
Often times when I unmount my digital camera by right clicking on the volume
icon on the nautilus desktop I will get a SELinux error that reads as the text
below.

Summary:

SELinux prevented umount from mounting on the file or directory
"/media/.hal-mtab-lock" (type "mnt_t").

Detailed Description:

SELinux prevented umount from mounting a filesystem on the file or directory
"/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting
of filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "mnt_t" does not have this attribute. You can
either relabel the file or directory or set the boolean "allow_mount_anyfile" to
true to allow mounting on any file or directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

Fix Command:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t
Target Context                system_u:object_r:mnt_t
Target Objects                /media/.hal-mtab-lock [ file ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          thedude.lebowski
Source RPM Packages           util-linux-ng-2.13.1-6.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     thedude.lebowski
Platform                      Linux thedude.lebowski 2.6.25.3-18.fc9.i686 #1 SMP
                              Tue May 13 05:38:53 EDT 2008 i686 i686
Alert Count                   5
First Seen                    Sun 01 Jun 2008 01:13:45 PM EDT
Last Seen                     Tue 03 Jun 2008 09:18:32 PM EDT
Local ID                      76bf61a2-04c7-4e9b-b7dd-f6aee13edb9a
Line Numbers                  

Raw Audit Messages            

host=thedude.lebowski type=AVC msg=audit(1212542312.532:37): avc:  denied  {
read write } for  pid=5587 comm="umount" path="/media/.hal-mtab-lock" dev=dm-0
ino=688652 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file

host=thedude.lebowski type=SYSCALL msg=audit(1212542312.532:37): arch=40000003
syscall=11 success=yes exit=0 a0=804b14d a1=bff5ecc0 a2=bff5f23c a3=804b14d
items=0 ppid=5586 pid=5587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="umount" exe="/bin/umount"
subj=system_u:system_r:mount_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-04 11:29:20 EDT

*** This bug has been marked as a duplicate of 447195 ***

Note You need to log in before you can comment on or make changes to this bug.