Bug 450165 - SELinux prevented umount from mounting on the file or directory "/media/.hal-mtab-lock" (type "mnt_t").
SELinux prevented umount from mounting on the file or directory "/media/.hal-...
Status: CLOSED DUPLICATE of bug 447195
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-06-05 12:42 EDT by Andrig Miller
Modified: 2013-03-05 22:56 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-05 14:24:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Andrig Miller 2008-06-05 12:42:10 EDT
Description of problem:

I'm getting an alert from the SE Linux troubleshooter applet, whenever I unmount
my external hard drive (mounted via firewire).

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:
1. Mount external hard drive.
2. Unmount via right-click menu.
Actual results:

I get the access denied.

Expected results:

Shouldn't get any access denied messages.

Additional info:


SELinux prevented umount from mounting on the file or directory
"/media/.hal-mtab-lock" (type "mnt_t").

Detailed Description:

SELinux prevented umount from mounting a filesystem on the file or directory
"/media/.hal-mtab-lock" of type "mnt_t". By default SELinux limits the mounting
of filesystems to only some files or directories (those with types that have the
mountpoint attribute). The type "mnt_t" does not have this attribute. You can
either relabel the file or directory or set the boolean "allow_mount_anyfile" to
true to allow mounting on any file or directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

Fix Command:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t:s0
Target Context                system_u:object_r:mnt_t:s0
Target Objects                /media/.hal-mtab-lock [ file ]
Source                        umount
Source Path                   /bin/umount
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           util-linux-ng-2.13.1-6.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-55.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              #1 SMP Tue May 13 04:54:47 EDT 2008 x86_64 x86_64
Alert Count                   2
First Seen                    Tue 03 Jun 2008 01:24:01 PM MDT
Last Seen                     Thu 05 Jun 2008 09:51:03 AM MDT
Local ID                      b43b6172-4d99-4f95-ae91-9bbf1a2cfe72
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1212681063.131:183): avc:  denied
 { read write } for  pid=22910 comm="umount" path="/media/.hal-mtab-lock"
dev=dm-0 ino=16646146 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1212681063.131:183):
arch=c000003e syscall=59 success=yes exit=0 a0=403665 a1=7fff306c7150
a2=7fff306c77d8 a3=0 items=0 ppid=22909 pid=22910 auid=4294967295 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="umount" exe="/bin/umount" subj=system_u:system_r:mount_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-05 14:24:59 EDT

*** This bug has been marked as a duplicate of 447195 ***

Note You need to log in before you can comment on or make changes to this bug.