SELinux concerning /home symlink?
Paul Howarth
paul at city-fan.org
Wed Jul 30 14:05:45 UTC 2008
Eric Paris wrote:
> On Wed, 2008-07-30 at 12:18 +0100, Paul Howarth wrote:
>
>> The underlying problem is that "mount", when run confined by SELinux, is
>> only allowed to mount filesystems on mount points that have specific
>> context types, such as mnt_t. If you set up your partitioning at install
>> time, the installer generally sets the context types of the directories
>> to be used as mount points correctly. However, if you change your
>> filesystem arrangement at a later date then the mount point directory
>> you're using will probably have some other context type, such as
>> mail_spool_t in this case, which mount isn't normally allowed to use as
>> a mount point, and you get the AVC denials and failure to mount as a
>> result. The fix is simply to label the mount point directory
>> appropriately for a mount point.
>
> setsebool -P allow_mount_anyfile 1
>
> should let him mount without any labeling changes right? You should be
> able to find this boolean in system-config-selinux and setroubleshoot
> should have suggested toggling this boolean.
Yes, that should work too but would be more permissive than fixing the
mountpoint context.
Paul.
More information about the fedora-selinux-list
mailing list