On Wed, 2007-02-28 at 18:15 -0800, Tom London wrote:
Running latest rawhide, targeted/enforcing.
Get these on boot in /var/log/messages:
Feb 28 18:03:58 localhost kernel: audit(1172714587.604:4): avc:
denied { getattr } for pid=436 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Change to libselinux by Steve Grubb. The corresponding change to policy
was already committed upstream, so Dan just needs to pull it in
(allowing this permission in the selinux_get_fs_mount interface/macro).
--
Stephen Smalley
National Security Agency