Bug 451071 - SELINUX denies user mount of windows HDD
Summary: SELINUX denies user mount of windows HDD
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: x86_64
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-12 17:10 UTC by Douglas Campbell
Modified: 2008-11-17 22:04 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-11-17 22:04:35 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Douglas Campbell 2008-06-12 17:10:40 UTC
Description of problem:
non-root user is denied ability to mount windows internal HDD.

Version-Release number of selected component (if applicable):
Fedora 9 x86_64

How reproducible:
every time


Steps to Reproduce:
1. Under Places, user selects windows media to mount
2. Dialog requests root password to continue.
3. User supplies correct password
Actual results:
setroubleshooter indicates avc denial for program
/usr/libexec/polkit-resolve-exe-helper

Expected results:
windows media is mounted and made available for use.


Additional info:
Source Context:  system_u:system_r:polkit_resolve_t:s0Target
Context:  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023Target
Objects:  None [ process ]Source:  polkit-resolve-Source
Path:  /usr/libexec/polkit-resolve-exe-helperPort:  <Unknown>Host:  minkSource
RPM Packages:  PolicyKit-0.8-2.fc9Target RPM Packages:  Policy
RPM:  selinux-policy-3.3.1-62.fc9Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchallHost
Name:  minkPlatform:  Linux mink 2.6.25.4-30.fc9.x86_64 #1 SMP Wed May 21
17:34:18 EDT 2008 x86_64 x86_64Alert Count:  3First Seen:  Thu 12 Jun 2008
09:57:19 AM PDTLast Seen:  Thu 12 Jun 2008 10:06:52 AM PDTLocal
ID:  18896b9d-4ca5-4b10-af8d-c0de55f5ac09Line Numbers:  Raw Audit Messages
:host=mink type=AVC msg=audit(1213290412.723:885): avc: denied { ptrace } for
pid=21836 comm="polkit-resolve-" scontext=system_u:system_r:polkit_resolve_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
host=mink type=SYSCALL msg=audit(1213290412.723:885): arch=c000003e syscall=89
success=no exit=-13 a0=7fff6e8b3410 a1=7fff6e8b3470 a2=fff a3=7fff6e8b3190
items=0 ppid=2114 pid=21836 auid=4294967295 uid=0 gid=68 euid=0 suid=0 fsuid=0
egid=68 sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper"
subj=system_u:system_r:polkit_resolve_t:s0 key=(null)

Comment 1 Daniel Walsh 2008-06-14 11:24:03 UTC
Fixed in selinux-policy-3.3.1-64.fc9.noarch

Comment 2 Daniel Walsh 2008-11-17 22:04:35 UTC
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.


Note You need to log in before you can comment on or make changes to this bug.