Bug 451071 - SELINUX denies user mount of windows HDD
SELINUX denies user mount of windows HDD
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
9
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-06-12 13:10 EDT by Douglas Campbell
Modified: 2008-11-17 17:04 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-17 17:04:35 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Douglas Campbell 2008-06-12 13:10:40 EDT
Description of problem:
non-root user is denied ability to mount windows internal HDD.

Version-Release number of selected component (if applicable):
Fedora 9 x86_64

How reproducible:
every time


Steps to Reproduce:
1. Under Places, user selects windows media to mount
2. Dialog requests root password to continue.
3. User supplies correct password
Actual results:
setroubleshooter indicates avc denial for program
/usr/libexec/polkit-resolve-exe-helper

Expected results:
windows media is mounted and made available for use.


Additional info:
Source Context:  system_u:system_r:polkit_resolve_t:s0Target
Context:  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023Target
Objects:  None [ process ]Source:  polkit-resolve-Source
Path:  /usr/libexec/polkit-resolve-exe-helperPort:  <Unknown>Host:  minkSource
RPM Packages:  PolicyKit-0.8-2.fc9Target RPM Packages:  Policy
RPM:  selinux-policy-3.3.1-62.fc9Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchallHost
Name:  minkPlatform:  Linux mink 2.6.25.4-30.fc9.x86_64 #1 SMP Wed May 21
17:34:18 EDT 2008 x86_64 x86_64Alert Count:  3First Seen:  Thu 12 Jun 2008
09:57:19 AM PDTLast Seen:  Thu 12 Jun 2008 10:06:52 AM PDTLocal
ID:  18896b9d-4ca5-4b10-af8d-c0de55f5ac09Line Numbers:  Raw Audit Messages
:host=mink type=AVC msg=audit(1213290412.723:885): avc: denied { ptrace } for
pid=21836 comm="polkit-resolve-" scontext=system_u:system_r:polkit_resolve_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
host=mink type=SYSCALL msg=audit(1213290412.723:885): arch=c000003e syscall=89
success=no exit=-13 a0=7fff6e8b3410 a1=7fff6e8b3470 a2=fff a3=7fff6e8b3190
items=0 ppid=2114 pid=21836 auid=4294967295 uid=0 gid=68 euid=0 suid=0 fsuid=0
egid=68 sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper"
subj=system_u:system_r:polkit_resolve_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-06-14 07:24:03 EDT
Fixed in selinux-policy-3.3.1-64.fc9.noarch
Comment 2 Daniel Walsh 2008-11-17 17:04:35 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.