[CentOS] Can an ISO be specified allow mount "setsebool -P allow_mount_iso=1" instead of "setsebool -P allow_mount_anyfile=1" SE context samba share

Frank Murphy frankly3d at gmail.com
Sun Jul 13 10:42:37 UTC 2008


SELinux prevented mount from mounting on the file or directory
"./Fedora-9-Everything-i386-DVD1.iso" (type "samba_share_t").

Detailed Description:

SELinux prevented mount from mounting a filesystem on the file or
"./Fedora-9-Everything-i386-DVD1.iso" of type "samba_share_t". By
SELinux limits the mounting of filesystems to only some files or
(those with types that have the mountpoint attribute). The type
does not have this attribute. You can either relabel the file or
directory or
set the boolean "allow_mount_anyfile" to true to allow mounting on any
file or

Allowing Access:

Changing the "allow_mount_anyfile" boolean to true will allow this
"setsebool -P allow_mount_anyfile=1."

The following command will allow this access:

setsebool -P allow_mount_anyfile=1

Additional Information:

Source Context                system_u:system_r:mount_t
Target Context                user_u:object_r:samba_share_t
Target Objects                ./Fedora-9-Everything-i386-DVD1.iso [ file ]
Source                        mount
Source Path                   /bin/mount
Port                          <Unknown>
Host                          server-01
Source RPM Packages           util-linux-2.13-0.47.el5
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-137.1.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_mount_anyfile
Host Name                     server-01
Platform                      Linux server-01 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 13:49:24 EDT 2008 i686 athlon
Alert Count                   3
First Seen                    Sun 13 Jul 2008 10:26:26 IST
Last Seen                     Sun 13 Jul 2008 11:07:49 IST
Local ID                      268bdb54-5d8d-4c81-b7ba-0392b5cea34e
Line Numbers                  

Raw Audit Messages            

host=server-01 type=AVC msg=audit(1215943669.186:14): avc:  denied  { write } for  pid=2898 comm="mount" name="Fedora-9-Everything-i386-DVD1.iso" dev=md2 ino=8585227 tcontext=user_u:object_r:samba_share_t:s0 tclass=file

host=server-01 type=SYSCALL msg=audit(1215943669.186:14): arch=40000003 syscall=5 success=no exit=-13 a0=9fd5450 a1=8002 a2=0 a3=8002 items=0 ppid=2877 pid=2898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)
