Pam_mount and SELinux
Colin Walters
walters at redhat.com
Wed Apr 14 23:21:38 UTC 2004
On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:
> I added a mounton rule, but this did not solve my problem. I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error. This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.
There are a few things that SELinux will deny but not generate a log
message for. is the big one. That's bitten me in the past.
In your particular case, if pam_mount is being run before su transitions
to the sysadm_r role, then you'll probably get denials from user_r not
being authorized for the mount_t domain.
Solution:
role $1_r types mount_t;
More information about the fedora-selinux-list
mailing list