When I reboot my mirror server, I always get these avc's and it fails to automatically mount my iso's:
Sep 27 10:30:33 sinclair kernel: audit(1190903394.348:4): avc: denied { read } for pid=4163 comm="mount" name="enigma-i386-disc1.iso" dev=dm-6 ino=191775508 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=file
Here is the corresponding entry from /etc/fstab:
/srv/ftp/pub/linux/distributions/redhat/linux/7.2/en/iso/i386/enigma-i386-disc1.iso /srv/ftp/pub/mnt/enigma-i386-disc1 iso9660 ro,context=system_u:object_r:public_content_t,loop=/dev/loop10,nosuid,nodev 0 0
I tried something like this in /etc/rc.d/rc.local:
# make loop devices 0-199 and redo mount /usr/local/sbin/mkloops mount -a
Where "mkloops" does this:
#!/bin/bash #set -x for i in 0 1; do for j in 0 1 2 3 4 5 6 7 8 9; do for k in 0 1 2 3 4 5 6 7 8 9; do n=$(echo ${i}${j}${k} | sed -e's/^0+//g') [ -z $n ] && n=0 [ ! -e /dev/loop${n} ] && mknod -m 0640 /dev/loop${n} b 7 ${n} chown root:disk /dev/loop${n} done done done
Any suggestions on how to allow a file to be loop mounted and also shared via FTP/HTTP/RSYNC?
Thanks.
Chuck Anderson wrote:
On Thu, Sep 27, 2007 at 11:05:33AM -0400, Chuck Anderson wrote:
Any suggestions on how to allow a file to be loop mounted and also shared via FTP/HTTP/RSYNC?
I forgot to mention, that after bootup, I can log in as root and do this to fix it:
mount -a
Try this:
setsebool -P allow_mount_anyfile 1
To try this out without rebooting, unmount your loop files and try remounting them using:
# service netfs start
Try doing this before and after setting the boolean to see what difference it makes.
Paul.
On Thu, Sep 27, 2007 at 04:14:07PM +0100, Paul Howarth wrote:
setsebool -P allow_mount_anyfile 1
To try this out without rebooting, unmount your loop files and try remounting them using:
# service netfs start
Try doing this before and after setting the boolean to see what difference it makes.
That works, thanks!
selinux@lists.fedoraproject.org