Chapter 6.2 Installation from a Hard Drive includes this instruction to copy the images/ directory to a local folder from the image: mount -t iso9660 /path/to/Fedora10.iso /mnt/point -o loop cp -a /mnt/point/images /path/images/ umount /mnt/point SELinux throws this error, recommending 'cp -P' instead of 'cp -a'. When using 'cp -P', the directory recursion doesn't work; only 'cp -Pr' seems to work. Summary: SELinux is preventing cp from creating a file with a context of iso9660_t on a filesystem. Detailed Description: SELinux is preventing cp from creating a file with a context of iso9660_t on a filesystem. Usually this happens when you ask the cp command to maintain the context of a file when copying between file systems, "cp -a" for example. Not all file contexts should be maintained between the file systems. For example, a read-only file type like iso9660_t should not be placed on a r/w system. "cp -P" might be a better solution, as this will adopt the default file context for the destination. Allowing Access: Use a command like "cp -P" to preserve all permissions except SELinux context. Additional Information: Source Context system_u:object_r:iso9660_t Target Context system_u:object_r:fs_t Target Objects images [ filesystem ] Source cp Source Path /bin/cp Port <Unknown> Host calliope.phig.org Source RPM Packages coreutils-6.9-19.fc8 Target RPM Packages Policy RPM selinux-policy-3.0.8-123.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name filesystem_associate Host Name calliope.phig.org Platform Linux calliope.phig.org 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686 Alert Count 1 First Seen Thu 27 Nov 2008 11:30:01 PM PST Last Seen Thu 27 Nov 2008 11:30:01 PM PST Local ID 08d5a096-af9f-46d5-818d-6b1a271637a3 Line Numbers Raw Audit Messages host=calliope.phig.org type=AVC msg=audit(1227857401.981:2933): avc: denied { associate } for pid=1520 comm="cp" name="images" scontext=system_u:object_r:iso9660_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem host=calliope.phig.org type=SYSCALL msg=audit(1227857401.981:2933): arch=40000003 syscall=39 success=no exit=-13 a0=bfcd5a5d a1=1c0 a2=8058394 a3=38c0 items=0 ppid=15176 pid=1520 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts12 comm="cp" exe="/bin/cp" subj=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 key=(null)
*** Bug 478536 has been marked as a duplicate of this bug. ***
Updated - changed to cp -pr from cp -a cp -P doesn't seem to be what was intended - from the cp man page: -P, --no-dereference never follow symbolic links in SOURCE while -p: -p same as --preserve=mode,ownership,timestamps commit 7eb01bf617a4d9a901b0c857544a5e2d46d44490 Author: David Nalley <david> Date: Fri Mar 27 09:24:11 2009 -0400 fixing cp command arguments (from -a to -pr) to prevent selinux error for hard disk installation. reported in bug 478536 and 473384