SELinux targeted preventing gnome-volume-manager from automounting filesystems

By thomas, 6 December, 2005

Symptom:

[user@surrey ~]: gnome-volume-manager
** (gnome-volume-manager:10207): WARNING **: manager.c/912: failed to initialize HAL!

Generate policy rules using audit2allow

[root@surrey ~]# audit2allow -i /var/log/messages
allow initrc_t unconfined_t:dbus send_msg;
allow unconfined_t initrc_t:dbus { acquire_svc send_msg };

Install policy source rpm

[root@surrey ~]# yum install selinux-policy-targeted-sources

Add local rules to local.te

[root@surrey ~]# pushd /etc/selinux/targeted/src/policy/domains/misc/
/etc/selinux/targeted/src/policy/domains/misc ~
[root@surrey misc]# cat <<EOF >local.te
> allow initrc_t unconfined_t:dbus send_msg;
> allow unconfined_t initrc_t:dbus { acquire_svc send_msg };
> EOF
[root@surrey misc]# popd
~
[root@surrey ~]# pushd /etc/selinux/targeted/src/policy/
/etc/selinux/targeted/src/policy ~
[root@surrey policy]# make install
mkdir -p tmp
m4 -Imacros -s flask/security_classes flask/initial_sids flask/access_vectors tunables/distro.tun
tunables/tunable.tun attrib.te tmp/program_used_flags.te macros/program/apache_macros.te
... > policy.conf.tmp
mv policy.conf.tmp policy.conf
mkdir -p /etc/selinux/targeted/policy
/usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
security: 3 users, 4 roles, 349 types, 25 bools
security: 55 classes, 18748 rules
/usr/bin/checkpolicy: policy configuration loaded
/usr/bin/checkpolicy: writing binary representation (version 18) to /etc/selinux/targeted/policy/policy.18
Building file_contexts ...
install -m 644 file_contexts/file_contexts /etc/selinux/targeted/contexts/files/file_contexts
Validating file_contexts ...
/usr/sbin/setfiles -q -c /etc/selinux/targeted/policy/policy.18 /etc/selinux/targeted/contexts/files/file_contexts
[root@surrey policy]#

Start gnome-volume-manager manually

[user@surrey ~]: gnome-volume-manager
manager.c/978: mount_all: mounting /dev/sda1
manager.c/834: Mounted: /org/freedesktop/Hal/devices/block_7DC6-5886
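
How the two rules in the audit2allow step follow from the logged denials, as an added example (not part of the original post and not audit2allow's own code): it merges "avc: denied" records by source type, target type and class so each rule can be reviewed before it goes into local.te. The log lines are constructed, and rules_from_log and type_of are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the general "avc: denied" layout; all values are illustrative.
SAMPLE_LOG = """\
Dec  6 10:01:02 surrey dbus: avc:  denied  { send_msg } for msgtype=method_call dest=org.freedesktop.Hal spid=10207 tpid=2101 scontext=user_u:system_r:unconfined_t tcontext=system_u:system_r:initrc_t tclass=dbus
Dec  6 10:01:02 surrey dbus: avc:  denied  { acquire_svc } for service=org.example.Svc spid=10207 scontext=user_u:system_r:unconfined_t tcontext=system_u:system_r:initrc_t tclass=dbus
Dec  6 10:01:03 surrey dbus: avc:  denied  { send_msg } for msgtype=method_return dest=:1.12 spid=2101 tpid=10207 scontext=system_u:system_r:initrc_t tcontext=user_u:system_r:unconfined_t tclass=dbus
Dec  6 10:01:04 surrey kernel: audit(1133863264.123:0): avc:  granted  { read } for pid=1 scontext=system_u:system_r:init_t tcontext=system_u:object_r:etc_t tclass=file
Dec  6 10:01:05 surrey sshd[2200]: Accepted password for user from 192.0.2.10
"""

DENIAL = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"\b(scontext|tcontext|tclass)=(\S+)")


def type_of(context):
    """Return the type field of a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def rules_from_log(text):
    """Merge denial records into one allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for line in text.splitlines():
        denial = DENIAL.search(line)
        if not denial:
            continue  # granted records and unrelated syslog lines
        fields = dict(FIELD.findall(line))
        src = type_of(fields.get("scontext", ""))
        tgt = type_of(fields.get("tcontext", ""))
        cls = fields.get("tclass")
        if not (src and tgt and cls):
            continue  # truncated record: never guess a missing field
        merged[(src, tgt, cls)].update(denial.group(1).split())
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        text_perms = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {text_perms};")
    return rules


if __name__ == "__main__":
    print("\n".join(rules_from_log(SAMPLE_LOG)))
```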