On Tue, 2006-03-28 at 15:52 -0600, Ian Pilcher wrote:
> Ian Pilcher wrote:
> > audit(1143579721.063:15): avc: denied { search } for pid=1709
> > comm="mount" name="/" dev=md8 ino=2
> > scontext=system_u:system_r:mount_t:s0
> > tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
>
> I created a brand new ReiserFS filesystem on a spare device and tried to
> mount it on /mnt/tmp via /etc/fstab. Upon rebooting, dmesg contains:
>
> ReiserFS: md9: warning: xattrs/ACLs enabled and couldn't find/create
> .reiserfs_priv. Failing mount.
>
> So it looks like the mount command can't find the SELinux contexts for
> the filesystem, because the SELinux contexts for the filesystem aren't
> set, because it can't find the SELinux contexts for the filesystem....

Sorry, reiserfs xattrs are known to be broken with SELinux at present,
because reiserfs doesn't yet implement the inode_init_security method
for labeling new inodes atomically at creation time. As a workaround,
mount it with a context= mount to override the use of xattrs.
Dan and Chris - please drop the fs_use_xattr line for reiserfs in policy
and possibly add a genfscon entry back for reiserfs so that SELinux
doesn't try using xattrs on reiserfs.
--
Stephen Smalley
National Security Agency
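
An added example, not part of the original messages: a small Python parser for AVC records like the one quoted in this thread, flagging mount denials whose target type is unlabeled_t, the symptom the reply traces to reiserfs xattr labeling. The function names and the flagging heuristic are assumptions of this example.

```python
import re

# AVC record quoted in the thread above, joined onto one line.
SAMPLE = ('audit(1143579721.063:15): avc: denied { search } for pid=1709 '
          'comm="mount" name="/" dev=md8 ino=2 '
          'scontext=system_u:system_r:mount_t:s0 '
          'tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir')

AVC_RE = re.compile(r'audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
                    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}'
                    r'\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'timestamp': float(m['ts']), 'serial': int(m['serial']),
           'result': m['result'], 'perms': m['perms'].split()}
    for key, value in KV_RE.findall(m['rest']):
        rec[key] = value.strip('"')   # comm= and name= values are quoted
    return rec


def context_type(context):
    """Third field of user:role:type[:level]; None when malformed."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def unlabeled_mount_denials(lines):
    """Yield (dev, perms) for mount denials whose target type is unlabeled_t."""
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec['result'] == 'denied' and rec.get('comm') == 'mount'
                and context_type(rec.get('tcontext', '')) == 'unlabeled_t'):
            yield rec.get('dev'), rec['perms']


if __name__ == '__main__':
    for dev, perms in unlabeled_mount_denials([SAMPLE]):
        # Heuristic of this example: unlabeled_t on a mount target suggests
        # the filesystem carries no usable xattr labels.
        print(f'{dev}: mount denied {perms} on unlabeled_t; '
              'consider a context= mount')
```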