Bug 835793 - Polyinstantiation and Nautilus, no mounted CD and USB
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pam
Version: 6.1
Hardware: x86_64 Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Tomas Mraz
QA Contact: BaseOS QE Security Team
Blocks: 782183

Reported: 2012-06-27 02:55 EDT by Andrey_Manko
Modified: 2017-11-14 03:26 EST
Doc Type: Bug Fix
Last Closed: 2013-04-12 06:59:56 EDT
Type: Bug


Description Andrey_Manko 2012-06-27 02:55:29 EDT
Description of problem:
When I experimented with pam_namespace, I found a bug. I have RHEL 6.1.
I installed SELinux policy-mls and edited the file /etc/security/namespace.conf.
I rebooted the system, logged in as a user, and opened "computer:///" in Nautilus. When I double-click on the CD-ROM icon or the USB-flash icon, Nautilus pops up a dialog box that says "Internal error: No mount object for mounted volume".

Version-Release number of selected component (if applicable):

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.1


$ rpm -qa | grep pam
pam_pkcs11-0.6.2-11.1.el6.x86_64
pam-devel-1.1.1-8.el6.x86_64
gnome-keyring-pam-2.28.2-6.el6.x86_64
pam-1.1.1-8.el6.x86_64
spamassassin-3.3.1-2.el6.x86_64
fprintd-pam-0.1-19.git04fd09cfa.el6.x86_64
pam_passwdqc-1.0.5-6.el6.x86_64
pam_krb5-2.3.11-6.el6.x86_64

$ rpm -qa | grep nautilus
nautilus-sendto-2.28.2-3.el6.x86_64
totem-nautilus-2.28.6-2.el6.x86_64
nautilus-2.28.4-15.el6.x86_64
brasero-nautilus-2.28.3-6.el6.x86_64
nautilus-open-terminal-0.17-3.el6.x86_64
nautilus-extensions-2.28.4-15.el6.x86_64

$ rpm -qa | grep mls
selinux-policy-mls-3.7.19-93.el6.noarch


How reproducible:
Always

Steps to Reproduce:
1. yum install selinux-policy-mls-3.7.19-93.el6.noarch.rpm
2. vim /etc/selinux/config

SELINUX=permissive

3. vim /etc/security/namespace.conf

/tmp     /tmp-inst/       	level      root,adm
/var/tmp /var/tmp/tmp-inst/   	level      root,adm
$HOME    $HOME/$USER.inst/      level      root,adm

4.
# mkdir /tmp/tmp-inst 
# mkdir /var/tmp/tmp-inst 
# chown root:root /tmp/tmp-inst /var/tmp/tmp-inst 
# chmod 000 /tmp/tmp-inst /var/tmp/tmp-inst

5. useradd user1
6. passwd user1
7. reboot
8. log in user1
9. put CD into drive
10. put USB-flash into USB-port
11. open "computer:///" in Nautilus
12. double-click on CD-ROM icon or USB-flash icon

  
Actual results:
Nautilus pops up a dialog box that says "Internal error: No mount object for mounted volume".

Expected results:

Nautilus correctly mounts the CD or USB-Flash at /media/name...
Should display the directory


Additional info:
Comment 2 Tomas Mraz 2012-06-27 18:27:32 EDT
You have to make the / mount point rshared. Otherwise the mounts outside the namespace cannot propagate. And once you do it you also have to mark the individual polyinstantiated directories private.

mount --make-rshared /
mount --make-private /tmp
mount --make-private /var/tmp
mount --make-private <home> (for each homedir)
Comment 3 Andrey_Manko 2012-06-28 03:40:22 EDT
Thanks =)

mount --make-shared /
mount --bind /tmp /tmp
mount --make-private /tmp
mount --bind /var/tmp /var/tmp
for i in /home/*
do
    # bind-mount each home directory onto itself so it is a mount point, then mark it private
    mount --bind "$i" "$i"
    mount --make-private "$i"
done
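
An added example, not part of the original bug thread: a shell check for the propagation state that comments 2 and 3 set up, reading mountinfo-format text (the format of /proc/self/mountinfo). The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mount propagation from mountinfo-format text.
# Constructed sample: "/" is shared, /tmp is a private bind mount, and
# /var/tmp is a bind mount still in the shared peer group of "/".
SAMPLE_MOUNTINFO='20 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 20 8:2 /tmp /tmp rw,relatime - ext4 /dev/sda2 rw
42 20 8:2 /var/tmp /var/tmp rw,relatime shared:1 - ext4 /dev/sda2 rw'

# propagation_of MOUNTPOINT   (mountinfo text on stdin)
# Prints shared, slave, shared+slave, unbindable, private or not-a-mountpoint.
propagation_of() {
    awk -v mp="$1" '
        $5 == mp {
            state = "private"; shared = 0; slave = 0
            # Optional fields sit between field 6 and the "-" separator.
            for (i = 7; i <= NF && $i != "-"; i++) {
                if ($i ~ /^shared:/) shared = 1
                else if ($i ~ /^master:/) slave = 1
                else if ($i == "unbindable") state = "unbindable"
            }
            if (shared && slave) state = "shared+slave"
            else if (shared) state = "shared"
            else if (slave) state = "slave"
            result = state   # assumption: the last matching entry is the topmost mount
        }
        END { print (result == "" ? "not-a-mountpoint" : result) }'
}

# check_polyinst MOUNTINFO_TEXT DIR...
# Returns 0 only if "/" is shared and every DIR is a private mount point.
check_polyinst() {
    info=$1; shift; rc=0
    [ "$(printf '%s\n' "$info" | propagation_of /)" = shared ] ||
        { echo "/ is not shared: new mounts will not propagate"; rc=1; }
    for dir in "$@"; do
        state=$(printf '%s\n' "$info" | propagation_of "$dir")
        [ "$state" = private ] ||
            { echo "$dir is $state, expected private"; rc=1; }
    done
    return $rc
}

# On a live system: check_polyinst "$(cat /proc/self/mountinfo)" /tmp /var/tmp
check_polyinst "$SAMPLE_MOUNTINFO" /tmp /var/tmp || true
```

With the constructed sample, the check flags /var/tmp because it was bind-mounted but not marked private.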
Comment 4 RHEL Product and Program Management 2012-12-14 01:57:06 EST
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
