[FC5] New Partition help

mroselinux at eastgranby.k12.ct.us mroselinux at eastgranby.k12.ct.us
Sat Apr 8 20:04:54 UTC 2006 

> On Fri, 2006-04-07 at 21:24 -0400, mroselinux at eastgranby.k12.ct.us
> wrote:
>> As I indicated in a previous message, I am migrating a samba server from
>> FC3 to FC5 and have run into another SELINUX policy issue.  I have a
>> second hard drive with a single ext3 partition that I primarly use for
>> backups.  It is labeled /backup.  I did a mkdir /backup and entered the
>> appropriate line into fstab.  When I reboot, I get the following
>>
>> -----------------------------------------------------------------------
>>
>> Apr  7 21:08:11 localhost kernel: audit(1144458480.400:2): avc:  denied
>> {
>> getattr } for  pid=2036 comm="hald" name="/" dev=hdb1 ino=2
>> scontext=system_u:system_r:hald_t:s0
>> tcontext=system_u:object_r:file_t:s0
>> tclass=dir
>> Apr  7 21:08:11 localhost kernel: audit(1144458480.444:3): avc:  denied
>> {
>> getattr } for  pid=2036 comm="hald" name="/" dev=hdb1 ino=2
>> scontext=system_u:system_r:hald_t:s0
>> tcontext=system_u:object_r:file_t:s0
>> tclass=dir
>> Apr  7 21:08:11 localhost kernel: audit(1144458480.516:4): avc:  denied
>> {
>> getattr } for  pid=2036 comm="hald" name="/" dev=hdb1 ino=2
>> scontext=system_u:system_r:hald_t:s0
>> tcontext=system_u:object_r:file_t:s0
>> tclass=dir
>>
>> --------------------------------------------------------------------------
>>
>> What do I need to do to support the /backup partition with SELINUX?
>
> I have the same setup. :) Mine is labeled root_t it seems.
>
> [medieval at chaucer ~]$ ls -Zd /mnt/hdb1
> drwxr-xr-x  root     root     system_u:object_r:root_t         /mnt/hdb1
>
> Try this:
>
> chcon -t root_t /mnt/hdb1
>
> See if that helps. You can also do a "restorecon -R /mnt/hdb1" too I
> think.
>
> Bob
>
> --
> Bob Kashani
> http://www.gnome.org/~bobk/
>
>

Hi Bob,

Thanks for the reply.  My setup must be somewhat different from yours
because my second HD is /dev/hdb2.  In any event, here is screen copy of
what I tried.

[root at localhost ~]# ls -Zd /mnt/hdb1
ls: /mnt/hdb1: No such file or directory
[root at localhost ~]# ls -Zd /mnt/hdb1
ls: /mnt/hdb1: No such file or directory
[root at localhost ~]# ls -Zd /dev/hdb1
brw-r-----  root     disk     system_u:object_r:fixed_disk_device_t /dev/hdb1
[root at localhost ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                      17775388   2423964  14433920  15% /
/dev/hda1               101086     14054     81813  15% /boot
/dev/hdb1             19243740    176288  18089900   1% /backup
tmpfs                   257324         0    257324   0% /dev/shm
[root at localhost ~]# ls -Zd /backup
drwxr-xr-x  root     root     system_u:object_r:file_t         /backup
[root at localhost ~]# restorecon /backup
[root at localhost ~]# ls -Zd /backup
drwxr-xr-x  root     root     system_u:object_r:default_t      /backup
[root at localhost ~]# chcon -t root_t /backup
[root at localhost ~]# ls -Zd /backup
drwxr-xr-x  root     root     system_u:object_r:root_t         /backup
[root at localhost ~]#

After the chcon and rebooting the system, the HAL denied messages did not
occur.  I still have more experimenting to do with data under /backup.

Regards,
Mark

More information about the fedora-selinux-list mailing list