Bug 450165 - SELinux prevented umount from mounting on the file or directory "/media/.hal-mtab-lock" (type "mnt_t").
Summary: SELinux prevented umount from mounting on the file or directory "/media/.hal-...
Keywords:
Status: CLOSED DUPLICATE of bug 447195
Alias: None
Product: Fedora
Classification: Fedora
Component: hal
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-05 16:42 UTC by Andrig Miller
Modified: 2013-03-06 03:56 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-06-05 18:24:59 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Andrig Miller 2008-06-05 16:42:10 UTC 
Description of problem:

I'm getting an alert from the SE Linux troubleshooter applet, whenever I unmount
my external hard drive (mounted via firewire).

Version-Release number of selected component (if applicable):

3.3.1-55.fc9

How reproducible:

Every time.

Steps to Reproduce:
1. Mount external hard drive.
2. Unmount via right-click menu.
3.
  
Actual results:

I get the access denied.


Expected results:

Shouldn't get any access denied messages.


Additional info:


Summary:

SELinux prevented umount from mounting on the file or directory
"/media/.hal-mtab-lock" (type "mnt_t").

Detailed Description:

SELinux prevented umount from mounting a filesystem on the file or directory
"/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting
of filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "mnt_t" does not have this attribute. You can
either relabel the file or directory or set the boolean "allow_mount_anyfile" to
true to allow mounting on any file or directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

Fix Command:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t:s0
Target Context                system_u:object_r:mnt_t:s0
Target Objects                /media/.hal-mtab-lock [ file ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           util-linux-ng-2.13.1-6.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25.3-18.fc9.x86_64
                              #1 SMP Tue May 13 04:54:47 EDT 2008 x86_64 x86_64
Alert Count                   2
First Seen                    Tue 03 Jun 2008 01:24:01 PM MDT
Last Seen                     Thu 05 Jun 2008 09:51:03 AM MDT
Local ID                      b43b6172-4d99-4f95-ae91-9bbf1a2cfe72
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1212681063.131:183): avc:  denied
 { read write } for  pid=22910 comm="umount" path="/media/.hal-mtab-lock"
dev=dm-0 ino=16646146 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1212681063.131:183):
arch=c000003e syscall=59 success=yes exit=0 a0=403665 a1=7fff306c7150
a2=7fff306c77d8 a3=0 items=0 ppid=22909 pid=22910 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="umount" exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-05 18:24:59 UTC 

*** This bug has been marked as a duplicate of 447195 ***
Note You need to log in before you can comment on or make changes to this bug.