Selinux disallows read-only loop mount of a file, but only at boot [SOLVED]

David bouncingcats at gmail.com
Wed May 6 00:17:20 UTC 2009


On Wed, May 6, 2009 at 8:58 AM, Eamon Walsh <ewalsh at tycho.nsa.gov> wrote:
> David wrote:
>> I'm attempting to mount a loop device (a ro file) at boot using fstab.
>> My fstab entry works fine from the command line, but it fails at boot
>> time due to a selinux avc error. I assume this is due to incorrect
>> file context. The file is under a nonstandard top level directory, so
>> I need to specifically assign it the correct file context, which I
>> would do if I could figure out what it ought to be.
>
> mount_loopback_t.

Yes this works. Thank you to everyone who replied. Thanks Eamon for
nurturing my understanding of selinux, which is what I hoped for when
posting. I will explore your suggestions.

Actually I did notice "mount_loopback_t" early in my exploration. But
I naively ignored it due to my expectation that "loopback" refers to a
network interface, not a "loop" device as used by mount.

I did not realise how widespread it is to confuse these terms. The
word loopback does not appear in 'man 8 mount'. It really surprises me
that the selinux specification is not more precise on this usage.

Surely "mount_loopback_t" is a mistake; it should be named "mount_loop_t".

Some people are never happy!! ;-)



