Getting avc denied messages for mounting iso images on loopback device
Paul Howarth
paul at city-fan.org
Wed Nov 29 13:02:22 UTC 2006
Srinivasa Ds wrote:
> Hi all
>
> I tried to mount an iso image on a loopback device in FC6,Iam getting
> this error.
>
> =======================
>
> audit(1164321995.887:79): avc: denied { read } for pid=2969
> comm="pam_console_app" name="/" dev=loop0 ino=1472
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
> audit(1164321995.887:80): avc: denied { read } for pid=2966
> comm="pam_console_app" name="/" dev=loop0 ino=1472
> scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:iso9660_t:s0 tclass=dir
>
> =======================================================
>
> I was doing this operation through ssh.This works if selinux is disabled.
> Is there any fix for this??
I'm not seeing this, but then I use a context mount option in /etc/fstab
since I'm going to export the mounted ISOs using httpd:
/path/to/iso/my.iso /path/to/mountpoint iso9660
ro,loop,fscontext=system_u:object_r:public_content_t 0 0
Paul.
More information about the fedora-selinux-list
mailing list