Additional info: libreport version: 2.0.13 kernel: 3.5.3-1.fc17.x86_64 description: :SELinux is preventing /usr/sbin/mount.ecryptfs_private from 'write' accesses on the key . : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that mount.ecryptfs_private should be allowed write access on the key by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep umount.ecryptfs /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:mount_t:s0-s0:c0.c1023 :Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 : 023 :Target Objects [ key ] :Source umount.ecryptfs :Source Path /usr/sbin/mount.ecryptfs_private :Port <Unknown> :Host (removed) :Source RPM Packages ecryptfs-utils-100-1.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-146.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.3-1.fc17.x86_64 #1 SMP Wed Aug : 29 18:46:34 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen 2012-09-20 04:50:33 PDT :Last Seen 2012-09-20 04:50:33 PDT :Local ID 1aae16ef-6c04-4fa2-85d6-3900242d87fa : :Raw Audit Messages :type=AVC msg=audit(1348141833.635:173): avc: denied { write } for pid=3931 comm="umount.ecryptfs" scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=key : : :type=SYSCALL msg=audit(1348141833.635:173): arch=x86_64 syscall=keyctl success=no exit=EACCES a0=9 a1=2d6082f8 a2=fffffffc a3=3bf64ede39 items=0 ppid=1287 pid=3931 auid=1002 uid=1002 gid=1002 euid=1002 suid=0 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=(none) ses=8 comm=umount.ecryptfs exe=/usr/sbin/mount.ecryptfs_private subj=system_u:system_r:mount_t:s0-s0:c0.c1023 key=(null) : :Hash: umount.ecryptfs,mount_t,unconfined_t,key,write : :audit2allow : :#============= mount_t ============== :allow mount_t unconfined_t:key write; : :audit2allow -R : :#============= mount_t ============== :allow mount_t unconfined_t:key write; :
Created attachment 614969 [details] File: type
Created attachment 614970 [details] File: hashmarkername
d10c262e4eb5faab1f2765df1e367efeed28789a allows this access.
commit 48511b8b001ceb5401c26f3e443fb318c731757a Author: Miroslav Grepl <mgrepl> Date: Wed Oct 17 10:00:22 2012 +0200 Looks like mount needs to write to key files of domains that transition to it
selinux-policy-3.10.0-156.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-156.fc17
Package selinux-policy-3.10.0-156.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-156.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16347/selinux-policy-3.10.0-156.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-156.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.