loopback mounting public_content_t (iso images)

Chuck Anderson cra at WPI.EDU
Thu Sep 27 15:05:33 UTC 2007


When I reboot my mirror server, I always get these AVCs and it fails 
to automatically mount my ISOs:

Sep 27 10:30:33 sinclair kernel: audit(1190903394.348:4): avc:  denied  { read } for  pid=4163 comm="mount" name="enigma-i386-disc1.iso" dev=dm-6 ino=191775508 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=file

Here is the corresponding entry from /etc/fstab:

/srv/ftp/pub/linux/distributions/redhat/linux/7.2/en/iso/i386/enigma-i386-disc1.iso /srv/ftp/pub/mnt/enigma-i386-disc1 iso9660 ro,context=system_u:object_r:public_content_t,loop=/dev/loop10,nosuid,nodev 0 0

I tried something like this in /etc/rc.d/rc.local:

# make loop devices 0-199 and redo mount
/usr/local/sbin/mkloops
mount -a

Where "mkloops" does this:

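#!/bin/bash
#set -x
# Create block device nodes /dev/loop0 .. /dev/loop199 (major 7, minor n).
for i in 0 1; do
    for j in 0 1 2 3 4 5 6 7 8 9; do
        for k in 0 1 2 3 4 5 6 7 8 9; do
            # strip leading zeros from the three-digit counter
            n=$(echo "${i}${j}${k}" | sed -e 's/^0\+//g')
            [ -z "$n" ] && n=0
            [ ! -e "/dev/loop${n}" ] && mknod -m 0640 "/dev/loop${n}" b 7 "${n}"
            chown root:disk "/dev/loop${n}"
        done
    done
done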

Any suggestions on how to allow a file to be loop mounted and also 
shared via FTP/HTTP/RSYNC?

Thanks.
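
Added example, not part of the original post: POSIX shell functions that read the AVC record quoted above and print which domain was denied which permission on which type, as the allow rule that audit2allow would derive from it. The function names are made up for this example and the sample line is the post's log entry joined onto one line; the parser also handles records with several permissions.

```shell
#!/bin/sh
# Constructed sample: the denial from the post, joined onto one line.
AVC_SAMPLE='Sep 27 10:30:33 sinclair kernel: audit(1190903394.348:4): avc:  denied  { read } for  pid=4163 comm="mount" name="enigma-i386-disc1.iso" dev=dm-6 ino=191775508 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=file'

# avc_field LINE KEY: print the value of a key=value token, quotes stripped.
# Values containing spaces are cut at the first space.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perms LINE: print the permissions listed between "{" and "}".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*avc: *denied *{ *\([^}]*[^} ]\) *}.*/\1/p'
}

# ctx_type CONTEXT: print the type, the third field of user:role:type[:level].
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_to_rule LINE: print the type-enforcement rule the denial corresponds to,
# in the "allow source target:class perms;" form that audit2allow prints.
avc_to_rule() {
    perms=$(avc_perms "$1")
    [ -n "$perms" ] || { echo "not an AVC denial" >&2; return 1; }
    src=$(ctx_type "$(avc_field "$1" scontext)")   # domain of the process
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")   # type of the object
    class=$(avc_field "$1" tclass)
    case $perms in
        *' '*) perms="{ $perms }" ;;               # several permissions
    esac
    printf 'allow %s %s:%s %s;\n' "$src" "$tgt" "$class" "$perms"
}

avc_to_rule "$AVC_SAMPLE"
```

The output names the access that the policy in force does not grant: the mount_t domain reading a file labelled public_content_t.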




More information about the fedora-selinux-list mailing list