[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

12 Alpha: SELinux Denials After putting install.img on USB Stick



Last night, I downloaded the installation DVD for Fedora 12 x86_64. Checked the sha256sum of the iso file, then mounted it on my web server and extracted the file install.img from the images directory. Then plugged in my USB stick and used dd as root to write install.img to the stick like so:

[root deafeng3 Fedora-12-Alpha-x86_64-DVD]# dd if=install.img of=/dev/sdb
239392+0 records in
239392+0 records out
122568704 bytes (123 MB) copied, 2.40894 s, 50.9 MB/s
[root deafeng3 Fedora-12-Alpha-x86_64-DVD]# umount /dev/sdb1

Then I unplugged the USB stick and plugged it in again to the same USB port, just so I could check on whether I did the dd correctly. I got the following in /var/log/messages:

Aug 30 09:44:17 deafeng3 kernel: usb 2-1: new high speed USB device using ehci_hcd and address 3 Aug 30 09:44:17 deafeng3 kernel: usb 2-1: New USB device found, idVendor=1307, idProduct=0163 Aug 30 09:44:17 deafeng3 kernel: usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Aug 30 09:44:17 deafeng3 kernel: usb 2-1: Product: Flash Disk
Aug 30 09:44:17 deafeng3 kernel: usb 2-1: Manufacturer: USB 2.0
Aug 30 09:44:17 deafeng3 kernel: usb 2-1: SerialNumber: a751edc7217524
Aug 30 09:44:17 deafeng3 kernel: usb 2-1: configuration #1 chosen from 1 choice Aug 30 09:44:17 deafeng3 kernel: scsi7 : SCSI emulation for USB Mass Storage devices Aug 30 09:44:22 deafeng3 kernel: scsi 7:0:0:0: Direct-Access USB 2.0 Flash Disk 0.00 PQ: 0 ANSI: 2 Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] 1974271 512-byte hardware sectors: (1.01 GB/963 MiB)
Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] Write Protect is off
Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] 1974271 512-byte hardware sectors: (1.01 GB/963 MiB)
Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] Write Protect is off
Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through
Aug 30 09:44:22 deafeng3 kernel: sdb: unknown partition table
Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: [sdb] Attached SCSI removable disk Aug 30 09:44:22 deafeng3 kernel: sd 7:0:0:0: Attached scsi generic sg2 type 0 Aug 30 09:44:22 deafeng3 kernel: squashfs: version 4.0 (2009/01/31) Phillip Lougher Aug 30 09:44:27 deafeng3 setroubleshoot: SELinux is preventing mount (mount_t) "mount" unlabeled_t. For complete SELinux messages. run sealert -l 57d3e63a-f463-4a19-afd0-fab8cbaf8a3a Aug 30 09:44:27 deafeng3 setroubleshoot: SELinux is preventing mount (mount_t) "mount" unlabeled_t. For complete SELinux messages. run sealert -l 57d3e63a-f463-4a19-afd0-fab8cbaf8a3a

Running sealert as requested yields this:

----------------------------------------------------------------------------------------------------------------------------------

[rlc deafeng3 Fedora-12-Alpha-x86_64-DVD]$ sealert -l 57d3e63a-f463-4a19-afd0-fab8cbaf8a3a

Summary:

SELinux is preventing mount (mount_t) "mount" unlabeled_t.

Detailed Description:

SELinux denied access requested by mount. It is not expected that this access is required by mount and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:mount_t:s0-s0:c0.c1023
Target Context                system_u:object_r:unlabeled_t:s0
Target Objects                / [ filesystem ]
Source                        mount
Source Path                   /bin/mount
Port <Unknown>
Host                          deafeng3.signtype.info
Source RPM Packages           util-linux-ng-2.14.2-9.fc11
Target RPM Packages           filesystem-2.4.21-1.fc11
Policy RPM                    selinux-policy-3.6.12-80.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     deafeng3.signtype.info
Platform                      Linux deafeng3.signtype.info
2.6.29.6-217.2.16.fc11.x86_64 #1 SMP Mon Aug 24
                              17:17:40 EDT 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Sun Aug 30 09:44:22 2009
Last Seen                     Sun Aug 30 09:44:22 2009
Local ID                      57d3e63a-f463-4a19-afd0-fab8cbaf8a3a
Line Numbers

Raw Audit Messages

node=deafeng3.signtype.info type=AVC msg=audit(1251639862.705:34): avc: denied { mount } for pid=5398 comm="mount" name="/" dev=sdb ino=743 scontext=system_u:system_r:mount_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem

node=deafeng3.signtype.info type=SYSCALL msg=audit(1251639862.705:34): arch=c000003e syscall=165 success=no exit=-13 a0=7f974bd1a930 a1=7f974bd1a950 a2=7f974bd1a970 a3=ffffffffc0ed0007 items=0 ppid=3041 pid=5398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0-s0:c0.c1023 key=(null)

------------------------------------------------------------------------------------------------

Any ideas about whether this will be a problem for purposes of installing Fedora 12 on a brand new hard drive?

Thanks

Bob Cochran
Greenbelt, Maryland, USA



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]