Summary: SELinux is preventing fusermount (xguest_t) "dac_override" xguest_t. Detailed Description: SELinux denied access requested by fusermount. It is not expected that this access is required by fusermount and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context xguest_u:xguest_r:xguest_t:s0 Target Context xguest_u:xguest_r:xguest_t:s0 Target Objects None [ capability ] Source fusermount Source Path /bin/fusermount Port <Unknown> Host (removed) Source RPM Packages fuse-2.8.1-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-85.fc11 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.30.9-90.fc11.i686.PAE #1 SMP Sat Oct 17 11:24:32 EDT 2009 i686 i686 Alert Count 20 First Seen St 28. október 2009, 13:15:59 CET Last Seen St 4. november 2009, 20:42:46 CET Local ID 13bd4308-cc95-456d-9d31-ee191aa75ea8 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1257363766.373:16): avc: denied { dac_override } for pid=2486 comm="fusermount" capability=1 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=capability node=(removed) type=AVC msg=audit(1257363766.373:16): avc: denied { dac_read_search } for pid=2486 comm="fusermount" capability=2 scontext=xguest_u:xguest_r:xguest_t:s0 tcontext=xguest_u:xguest_r:xguest_t:s0 tclass=capability node=(removed) type=SYSCALL msg=audit(1257363766.373:16): arch=40000003 syscall=5 success=no exit=-13 a0=804cb3c a1=98800 a2=804e160 a3=bfc5c0d0 items=0 ppid=2477 pid=2486 auid=501 uid=501 gid=501 euid=0 suid=0 fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm="fusermount" exe="/bin/fusermount" subj=xguest_u:xguest_r:xguest_t:s0 key=(null) Hash String generated from selinux-policy-3.6.12-85.fc11,catchall,fusermount,xguest_t,xguest_t,capability,dac_override audit2allow suggests: #============= xguest_t ============== allow xguest_t self:capability { dac_read_search dac_override };
*** This bug has been marked as a duplicate of bug 538428 ***