
Re: Pam_mount and SELinux



On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:

> I added a mounton rule, but this did not solve my problem.  I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error.  This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

There are a few things that SELinux will deny but not generate a log
message for.  is the big one.  That's bitten me in the past.

In your particular case, if pam_mount is being run before su transitions
to the sysadm_r role, then you'll probably get denials from user_r not
being authorized for the mount_t domain.

Solution:

role $1_r types mount_t;
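
An added example, not part of the original message or of any policy tree: a small Python check of which types each role is authorized for by `role ... types ...;` statements, showing why user_r cannot enter mount_t until the line above is added. The sample policy lines are constructed, and expanding `$1` to `user` is an assumption about how the macro is instantiated.

```python
import re

# Constructed sample policy lines for illustration only.
BASE_POLICY = """
role sysadm_r types { sysadm_t mount_t };
role user_r types user_t;
"""

# The fix quoted in the message, still in macro form.
FIX_TEMPLATE = "role $1_r types mount_t;"

# Matches: role <role> types <type>;   or   role <role> types { t1 t2 };
ROLE_RE = re.compile(r"role\s+(\w+)\s+types\s+(\{[^}]*\}|\w+)\s*;")


def expand(template, prefix):
    """Substitute the m4-style positional parameter $1 (assumed prefix)."""
    return template.replace("$1", prefix)


def role_types(policy_text):
    """Map each role to the set of types it is authorized for."""
    allowed = {}
    for role, types in ROLE_RE.findall(policy_text):
        names = types.strip("{}").split()
        allowed.setdefault(role, set()).update(names)
    return allowed


def role_may_enter(policy_text, role, domain):
    """True if a role statement authorizes 'role' for type 'domain'."""
    return domain in role_types(policy_text).get(role, set())


if __name__ == "__main__":
    patched = BASE_POLICY + expand(FIX_TEMPLATE, "user")
    for label, policy in (("before", BASE_POLICY), ("after", patched)):
        for role in ("user_r", "sysadm_r"):
            ok = role_may_enter(policy, role, "mount_t")
            print(f"{label}: {role} -> mount_t authorized: {ok}")
```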


