[CentOS] Can an ISO be specified allow mount "setsebool -P allow_mount_iso=1" instead of "setsebool -P allow_mount_anyfile=1" SE context samba share

Frank Murphy

frankly3d at gmail.com
Sun Jul 13 10:42:37 UTC 2008


Summary:

SELinux prevented mount from mounting on the file or directory
"./Fedora-9-Everything-i386-DVD1.iso" (type "samba_share_t").

Detailed Description:

SELinux prevented mount from mounting a filesystem on the file or directory
"./Fedora-9-Everything-i386-DVD1.iso" of type "samba_share_t". By default
SELinux limits the mounting of filesystems to only some files or directories
(those with types that have the mountpoint attribute). The type "samba_share_t"
does not have this attribute. You can either relabel the file or directory or
set the boolean "allow_mount_anyfile" to true to allow mounting on any file or
directory.

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this access:
"setsebool -P allow_mount_anyfile=1."

The following command will allow this access:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t
Target Context                user_u:object_r:samba_share_t
Target Objects                ./Fedora-9-Everything-i386-DVD1.iso [ file ]
Source                        mount
Source Path                   /bin/mount
Port                          <Unknown>
Host                          server-01
Source RPM Packages           util-linux-2.13-0.47.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     server-01
Platform                      Linux server-01 2.6.18-92.1.6.el5 #1 SMP Wed Jun
                              25 13:49:24 EDT 2008 i686 athlon
Alert Count                   3
First Seen                    Sun 13 Jul 2008 10:26:26 IST
Last Seen                     Sun 13 Jul 2008 11:07:49 IST
Local ID                      268bdb54-5d8d-4c81-b7ba-0392b5cea34e
Line Numbers                  

Raw Audit Messages            

host=server-01 type=AVC msg=audit(1215943669.186:14): avc:  denied  { write } for  pid=2898 comm="mount" name="Fedora-9-Everything-i386-DVD1.iso" dev=md2 ino=8585227 scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:samba_share_t:s0 tclass=file

host=server-01 type=SYSCALL msg=audit(1215943669.186:14): arch=40000003 syscall=5 success=no exit=-13 a0=9fd5450 a1=8002 a2=0 a3=8002 items=0 ppid=2877 pid=2898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
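
Added example, not part of the original post: Python code that correlates the two raw audit records above by their shared event id and decodes them, showing that the denied operation is mount's open() of the ISO in read-write mode (a1=8002, access mode O_RDWR) failing with EACCES. The records are re-joined from the post; the function names and the partial lookup tables are assumptions made for this example.

```python
import re

# Constructed: the two raw audit records quoted in the post, line wrapping undone.
RECORDS = [
    'host=server-01 type=AVC msg=audit(1215943669.186:14): avc:  denied  '
    '{ write } for  pid=2898 comm="mount" '
    'name="Fedora-9-Everything-i386-DVD1.iso" dev=md2 ino=8585227 '
    'scontext=system_u:system_r:mount_t:s0 '
    'tcontext=user_u:object_r:samba_share_t:s0 tclass=file',
    'host=server-01 type=SYSCALL msg=audit(1215943669.186:14): arch=40000003 '
    'syscall=5 success=no exit=-13 a0=9fd5450 a1=8002 a2=0 a3=8002 items=0 '
    'ppid=2877 pid=2898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 '
    'egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" '
    'exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)',
]
# Partial lookup tables (assumption: only the values this i386 event needs).
I386_SYSCALLS = {5: "open"}
ERRNOS = {13: "EACCES"}
ACCESS_MODES = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}

def parse(record):
    """Return (event id, key=value fields) for one audit record."""
    event = re.search(r'msg=audit\(([\d.]+:\d+)\)', record).group(1)
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    fields = {k: v.strip('"') for k, v in pairs}
    perms = re.search(r'\{ ([^}]*) \}', record)  # AVC permission set
    if perms:
        fields["perms"] = perms.group(1).split()
    return event, fields

def summarize(records):
    """Group records by event id and decode each AVC with its SYSCALL."""
    events = {}
    for rec in records:
        event, fields = parse(rec)
        events.setdefault(event, {})[fields["type"]] = fields
    out = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc:
            continue
        item = {"event": event, "perms": avc["perms"], "tclass": avc["tclass"],
                "name": avc["name"],
                "source_type": avc["scontext"].split(":")[2],
                "target_type": avc["tcontext"].split(":")[2]}
        if sc and sc["arch"] == "40000003" and sc["syscall"] == "5":  # i386 open()
            item["syscall"] = I386_SYSCALLS[5]
            item["errno"] = ERRNOS.get(-int(sc["exit"]), sc["exit"])
            item["access_mode"] = ACCESS_MODES.get(int(sc["a1"], 16) & 3, "?")
        out.append(item)
    return out
```

Calling `summarize(RECORDS)` returns one entry for event `1215943669.186:14`.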






