Stephen Smalley wrote:
> mount_t is a domain - a type for a process running the mount program.
> Not a file type to assign to mount point directories. Not sure what
> type to recommend for what you describe - Dan? Likely need a generic
> mnt_t or similar with the mountpoint attribute?

I have changed the type of the mount points to mnt_t. It doesn't look
like this will cause a problem for httpd, because once the filesystem is
mounted, the type of its root directory appears to "mask" the type of
the mount point.

I should have mentioned before that I have no problem mounting these
filesystems as a logged in root user (mount -a); the problem only occurs
when booting the system.

After changing the type of the mount points and rebooting, I am now
getting this:

audit(1143579721.063:15): avc: denied { search } for pid=1709
comm="mount" name="/" dev=md8 ino=2
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

It looks like the mount command is looking for something in the root
directory of the filesystem, but I have no idea what that might be.

Thanks!

--
========================================================================
Ian Pilcher i.pilcher(a)comcast.net
========================================================================