SE Linux preventing mounting an iso on FC5 through nfs
Matthew Shapiro
mshapiro at mail.ucf.edu
Thu Jan 11 21:04:21 UTC 2007
>>> Stephen Smalley <sds at tycho.nsa.gov> 01/11/07 3:07 PM >>>
>audit2allow -M local < /var/log/messages
>semodule -i local.pp
Wow that makes life simple. Thanks a lot!
>Did you look at the Fedora SELinux FAQ and wiki pages?
>http://fedora.redhat.com/docs/selinux-faq-fc5/
>http://fedoraproject.org/wiki/SELinux/
Actually I did not know about these (the HOWTO's I found was a policy
HOWTO and a general (focused on debian) SELinux introduction). This
look like great resources though.
> Are you actually using strict policy? It isn't the default in Fedora.
Ah that explains it. I actually got confused with the versions
(installed the strict src from fc3 by accident, targeted wouldn't
install) and that explains why my last attempt didn't work. I
confirmed and it is setup to use targeted. Though the loadable modules
that I now know about make doing this much easier anyways.
>nfs_t is a file type, not a process domain, and you want to allow
>mount_t to read nfs_t:file, not transition into it.
Gotcha. From the documentation I read it made it seem like the _t
denoted a domain. Guess I have some more reading to do to fully
understand everything that is going on.
Thanks for your help and quick response! It's now working, and I"m
going to do some more research to learn more about SE Linux now that I'm
not fighting with it :)
--Matthew Shapiro
More information about the fedora-selinux-list
mailing list