F12: SeLinux denials on older Fedora version mounted filesystems

Stephen Smalley sds at tycho.nsa.gov
Fri Mar 5 18:45:06 UTC 2010


On Fri, 2010-03-05 at 10:29 -0800, Daniel B. Thurman wrote:
> I reported this before, but got no response - perhaps because
> I bundled several issues into one posting?  If so, here is a separate
> posting.
> 
> It appears that SELinux examines all mounted filesystems but
> in this case, SELinux sees other Fedora versions and starts to
> complain when it is not related to the current running OS that
> is running.  As you can see below, and running F12, it complains
> about F11 (and in several places in the mounted F11 filesystem).
> 
> Many other complaints are similar for mounted Fedora versions
> BELOW the current running OS (F12), such as F11, 10, 9, 8, ...
> 
> How does one get around this issue?

updatedb creates a database for locate to use.  It isn't
SELinux-related.  SELinux is just reporting a denial when updatedb tries
to access those files because they have a security context that isn't
legal/defined under the active policy.  To avoid, you can:
1) not mount those filesystems when they aren't being used, or
2) configure /etc/updatedb.conf to exclude them from being scanned by
updatedb.

man updatedb and updatedb.conf

-- 
Stephen Smalley
National Security Agency
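
Added example, not part of the original message: a Python check for option 2 that reports which mounted filesystems updatedb would still scan, given the PRUNEFS and PRUNEPATHS settings in updatedb.conf. The mount points (/mnt/f11, /mnt/f10), the sample config and the sample mount table are constructed, and the matching is a simplified approximation of updatedb's pruning.

```python
import re

# Constructed sample inputs (assumptions, not from the original post).
SAMPLE_CONF = '''\
PRUNE_BIND_MOUNTS = "yes"
PRUNEFS = "proc sysfs tmpfs nfs"
PRUNEPATHS = "/tmp /var/spool /media /mnt/f11"
'''
SAMPLE_MOUNTS = '''\
/dev/sda2 / ext4 rw 0 0
proc /proc proc rw 0 0
/dev/sda5 /mnt/f11 ext3 rw 0 0
/dev/sda6 /mnt/f10 ext3 rw 0 0
'''

def parse_conf(text):
    """Parse updatedb.conf-style lines of the form NAME = "v1 v2 ..."."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'^([A-Z_]+)\s*=\s*"(.*)"$', line)
        if m:
            conf[m.group(1)] = m.group(2).split()
    return conf

def still_scanned(conf_text, mounts_text):
    """Return mount points that neither PRUNEFS nor PRUNEPATHS excludes."""
    conf = parse_conf(conf_text)
    prune_fs = {f.lower() for f in conf.get("PRUNEFS", [])}  # type match ignores case
    prune_paths = [p.rstrip("/") or "/" for p in conf.get("PRUNEPATHS", [])]
    result = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fstype = fields[1], fields[2]
        if fstype.lower() in prune_fs:
            continue
        # Pruned if the mount point is a listed path or lies beneath one.
        if any(mount_point == p or mount_point.startswith(p.rstrip("/") + "/")
               for p in prune_paths):
            continue
        result.append(mount_point)
    return result

if __name__ == "__main__":
    for mp in still_scanned(SAMPLE_CONF, SAMPLE_MOUNTS):
        print("updatedb will scan:", mp)
```

On a real system, pass the contents of /etc/updatedb.conf and /proc/mounts instead of the samples; any old-release mount point that is still reported needs to be added to PRUNEPATHS or unmounted.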