Re: Pam_mount and SELinux



On Wed, 2004-04-14 at 17:50, W. Michael Petullo wrote:
> I added a mounton rule, but this did not solve my problem.  I am
> especially confused by the fact that SELinux is not logging any failures.
> I would expect an "avc: denied" error.  This feels like a traditional
> Unix permissions issue but does not occur when SELinux is not enforcing
> its policies.

If you are trying to do this from user_r, then it will fail because the
user_r role is not presently authorized for the mount_t domain.  The
preferred approach would be to use the mount_domain() macro to define a
separate user_mount_t domain that is less privileged than the full
mount_t domain, and then authorize user_r for it.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
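
Added example, not part of the original message and not code from any SELinux policy distribution: a small Python check of the role authorization described in the reply above. It parses `role ... types ...;` statements from a constructed policy fragment and reports whether the role in a security context is authorized for its type. The fragment, the sample contexts and the function names are assumptions made for illustration.

```python
import re

# Constructed policy fragment (an assumption, not taken from the thread):
# role authorization statements in SELinux policy-language syntax.
SAMPLE_POLICY = """
role sysadm_r types { sysadm_t
                      mount_t };   # statement spanning two lines
role user_r types user_t;
role user_r types user_mount_t;    # the authorization suggested in the reply
"""

ROLE_STMT = re.compile(r"\brole\s+(\w+)\s+types\s+(\{[^}]*\}|\w+)\s*;")


def parse_role_types(policy_text):
    """Return {role: set(types)} built from 'role R types T;' statements."""
    # Drop '#' comments first so they cannot hide or fake a statement.
    stripped = "\n".join(l.split("#", 1)[0] for l in policy_text.splitlines())
    authorized = {}
    for role, types in ROLE_STMT.findall(stripped):
        authorized.setdefault(role, set()).update(types.strip("{}").split())
    return authorized


def role_allows(authorized, context):
    """True if the role in 'user:role:type[:level]' may be paired with type."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("expected user:role:type, got %r" % (context,))
    role, type_ = parts[1], parts[2]
    return type_ in authorized.get(role, set())


if __name__ == "__main__":
    table = parse_role_types(SAMPLE_POLICY)
    for ctx in ("user_u:user_r:mount_t",        # role not authorized for domain
                "user_u:user_r:user_mount_t",   # separate, less privileged domain
                "root:sysadm_r:mount_t"):
        print(ctx, "->", "ok" if role_allows(table, ctx) else "role not authorized")
```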

