LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-07-2007, 03:38 PM   #1
nirmaltom
Member
 
Registered: Jun 2005
Location: India
Distribution: Redhat,Fedora,DSL,Ubuntu
Posts: 238

Rep: Reputation: 30
selinux troubles from mounting foreign partitions


hi,
i am running zod.i have some ntfs and vfat partitions as well.After configuring yum,i installed ntfs-3g driver for write support.i have selinux in the enforcing mode, i dont want to switch it off instead do the correct trouble shooting.
When the system boots .it gives me the error of permission denied to mount ntfs drives.After getting into the system , if i gave mount -a as root,they are mounted.I run setroubleshot ,it show me the error on readahead application.
when i shutdown, the same problem unable to umount and showing me lot of selinux errors.
Plz help me in giving the correct context.
regards,
Tom.
 
Old 01-08-2007, 10:01 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
Post your AVC messages instead of talking about them.
 
Old 01-08-2007, 11:46 AM   #3
nirmaltom
Member
 
Registered: Jun 2005
Location: India
Distribution: Redhat,Fedora,DSL,Ubuntu
Posts: 238

Original Poster
Rep: Reputation: 30
hi,
audit(1168275693.237:4): avc: denied { execute_no_trans } for pid=1717 comm="mount.ntfs-3g" name="fusermount" dev=dm-11 ino=586010 scontext=system_u:system_r:mount_t:s0 tcontext=system_ubject_r:mount_exec_t:s0 tclass=file

found in /var/log/dmesg

thanks

regards,
Tom.

Last edited by nirmaltom; 01-08-2007 at 11:48 AM.
 
Old 01-08-2007, 02:17 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
See http://www.ntfs-3g.org/support.html#selinux
 
Old 01-09-2007, 01:51 PM   #5
nirmaltom
Member
 
Registered: Jun 2005
Location: India
Distribution: Redhat,Fedora,DSL,Ubuntu
Posts: 238

Original Poster
Rep: Reputation: 30
hi,
they FAQ page you referenced me,asked me to update the packages and i do the same
[root@server ~]# rpm -qa | grep selinux
libselinux-devel-1.30.29-2
libselinux-1.30.29-2
selinux-policy-targeted-2.4.6-23.fc6
selinux-policy-2.4.6-23.fc6
libselinux-python-1.30.29-2

i also tried,

[root@server ~]# audit2allow -M local < /var/log/dmesg
Generating type enforcment file: local.te
Compiling policy
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod

******************** IMPORTANT ***********************

In order to load this newly created policy package into the kernel,
you are required to execute

semodule -i local.pp

[root@server ~]#

but they error is still shown and is in /var/log/dmesg as,


audit(1168371646.228:4): avc: denied { read write } for pid=1717 comm="fusermount" name="fuse" dev=tmpfs ino=1859 scontext=system_u:system_r:mount_t:s0 tcontext=system_ubject_r:fixed_disk_device_t:s0 tclass=chr_file

thanks and regards,
Tom.
 
Old 01-11-2007, 01:51 PM   #6
nirmaltom
Member
 
Registered: Jun 2005
Location: India
Distribution: Redhat,Fedora,DSL,Ubuntu
Posts: 238

Original Poster
Rep: Reputation: 30
hi,
if i am write, i think the bug is not fully resolved,may some people got it.
In a try to resolve this problem i think i have misused the audit2allow command,by changing to wrong contexts for some files.Now i get more than 10 selinux errors some counts more than 100.Can u plz say me,how to reset the selinux to default on targeted policy.Thank u
regards,
Tom
 
Old 01-11-2007, 04:06 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,390
Blog Entries: 55

Rep: Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563Reputation: 3563
As root 'touch /.autorelabel && /sbin/shutdown -r now'. Another way is to 'fixfiles relabel'. It completely relabels the system but is somewhat destructive (removes /tmp contents).
 
Old 01-12-2007, 03:01 AM   #8
nirmaltom
Member
 
Registered: Jun 2005
Location: India
Distribution: Redhat,Fedora,DSL,Ubuntu
Posts: 238

Original Poster
Rep: Reputation: 30
hi,
thanks a lot
regards,
Tom.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mounting LVM troubles. Freestone Linux - Newbie 2 11-08-2006 07:33 PM
mounting troubles ahimsel08 Linux - Hardware 16 06-27-2004 08:28 AM
locales and foreign filenames with fat partitions alexrait1 Slackware 0 06-11-2004 07:39 AM
Troubles with FAT32 partitions in Redhat 9.0 Nychold Linux - Newbie 5 03-04-2004 10:07 AM
audio cd mounting troubles durden2.0 Linux - Newbie 2 07-09-2003 07:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration