sharing a partition between FC3 and FC5

Stephen Smalley sds at tycho.nsa.gov
Mon Aug 7 14:32:17 UTC 2006


On Mon, 2006-08-07 at 10:06 -0400, Stephen Smalley wrote:
> On Sun, 2006-08-06 at 19:26 +0100, Paul Howarth wrote:
> > On Sun, 2006-08-06 at 01:38 -0400, D. Hugh Redelmeier wrote:
> > > [I sent this to fedora-list at redhat.com a couple of minutes ago.  I 
> > > apologize for cross-posting.]
> > > 
> > > I installed 32-bit Fedora Core 5 on an Athlon-64 box.  I intended this
> > > installation to co-exist with a 64-bit Fedora Core 3 installation.
> > > The two installations share a /home ext3 partition and the swap partition.
> > > This is often how I do upgrades: a dual boot system with both old and
> > > new bootable.
> > > 
> > > The problem is that the FC5 installation did something to
> > > the /home partition that prevents the FC3 from mounting it.
> > > 
> > > When I manually try a mount of /home from FC3, the useless
> > > mount-failure message is preceded by these messages.  I think that
> > > they are the key:
> > > 
> > >     inode_doinit_with_dentry:  context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2
> > >     inode_doinit_with_dentry:  context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2
> > > 
> > > (In dmesg, these two messages were preceded by these that might be relevant:
> > >     kjournald starting.  Commit interval 5 seconds
> > >     EXT3 FS on hda5, internal journal
> > >     EXT3-fs: mounted filesystem with ordered data mode.
> > >     SELinux: initialized (dev hda5, type ext3), uses xattr
> > > )
> > > 
> > > (The useless mount failure message is:
> > >   mount: wrong fs type, bad option, bad superblock on /dev/hda5
> > >          or too many mounted file systems
> > >  This message is disgracefully non-specific.)
> > > 
> > > I think that this is a problem with SELinux.  The following thread
> > > looks relevant but unhelpful:
> > >   http://www.redhat.com/archives/fedora-selinux-list/2006-April/msg00002.html
> > > It provides a solution (I hope) for FC4 but FC3 would not have such an update.
> > 
> > I think you're right; the underlying issue is that FC5 file contexts
> > have 4 parts and FC4 and earlier have 3 parts (the extra part being for
> > MLS). The fix for FC4 was to apply a patch so that the kernel could deal
> > with (though probably not use) the MLS part. With FC3 now supported by
> > the Fedora Legacy project, who only usually do updates for security
> > issues, I think the chances of this getting fixed by them for FC3 are
> > slim to none.
> > 
> > You might be able to find the MLS patch in the FC4 kernel and see if you
> > could get it to apply on the FC3 kernel though.
> > 
> > > I tried using enforcing=0 on the FC3 kernel command line, but nothing changed.
> > > 
> > > I thought ext3 was compatible between Fedora releases.  Unfortunately,
> > > SELinux seems to have made things a lot more brittle.
> > > 
> > > ==> Is there something simple that I can do to allow the existing
> > >     /home ext3 partition to be shared between FC3 and FC5?
> > 
> > Can't think of any offhand.
> 
> Unfortunately, aside from patching your FC3 kernel and rebuilding it, I
> think your only option is to disable SELinux for FC3 altogether, i.e.
> boot it with selinux=0 or set SELINUX=disabled in /etc/selinux/config.  

Note btw that SELinux is broken in FC3 anyway if you ever try using a
modern kernel (>= 2.6.14), unless you also update your policy toolchain
and policy to something more modern.

-- 
Stephen Smalley
National Security Agency
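
An added example, not part of the original thread: a small Python parser for the `inode_doinit_with_dentry` kernel messages quoted above. It flags labels that carry a fourth (MLS) field and were rejected with error 22 (EINVAL). The second sample log line and all function names are constructed for illustration.

```python
import errno
import re

# Constructed sample: kernel lines as quoted in the post, plus one made-up
# line with a category set to show that the MLS range may contain ':'.
SAMPLE_DMESG = """\
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev hda5, type ext3), uses xattr
inode_doinit_with_dentry:  context_to_sid(system_u:object_r:home_root_t:s0) returned 22 for dev=hda5 ino=2
inode_doinit_with_dentry:  context_to_sid(user_u:object_r:user_home_t:s0:c0.c5) returned 22 for dev=hda5 ino=14
"""

LINE_RE = re.compile(
    r"inode_doinit_with_dentry:\s+context_to_sid\((?P<ctx>[^)]*)\)"
    r"\s+returned\s+(?P<rc>\d+)\s+for\s+dev=(?P<dev>\S+)\s+ino=(?P<ino>\d+)"
)

def split_context(ctx):
    """Split user:role:type[:range]; only the first three ':' are separators."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % ctx)
    user, role, type_ = parts[:3]
    mls_range = parts[3] if len(parts) == 4 else None
    return user, role, type_, mls_range

def failed_labels(log_text):
    """Return one dict per context_to_sid failure found in log_text."""
    findings = []
    for m in LINE_RE.finditer(log_text):
        _user, _role, type_, mls_range = split_context(m.group("ctx"))
        rc = int(m.group("rc"))
        findings.append({
            "dev": m.group("dev"),
            "ino": int(m.group("ino")),
            "type": type_,
            "mls_range": mls_range,
            "errno": errno.errorcode.get(rc, str(rc)),
            # Four-field label rejected as invalid: the case this thread describes.
            "mls_mismatch": mls_range is not None and rc == errno.EINVAL,
        })
    return findings

if __name__ == "__main__":
    for finding in failed_labels(SAMPLE_DMESG):
        print(finding)
```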



