Hi! I wanted to help resolve bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211767
During some investigation I found that after mounting an ntfs partition, files have their context set to unlabeled_t. I downloaded selinux-policy.srpm and found these lines in policy/modules/kernel/filesystem.te:

#
# dosfs_t is the type for fat and vfat
# filesystems and their files.
#
type dosfs_t;
fs_noxattr_type(dosfs_t)
allow dosfs_t fs_t:filesystem associate;
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)

I thought "Great, I need a similar entry in my module!". I prepared this file:

[root@X ~]# cat ntfs3g.te
module ntfs3g 1.0;

require {
class chr_file { getattr read write };
class file execute_no_trans;
type device_t;
type dosfs_t;
type mount_exec_t;
type mount_t;
role system_r;
};

genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
allow mount_t device_t:chr_file { getattr read write };
allow mount_t mount_exec_t:file execute_no_trans;
[root@X ~]#

As you can guess it does not compile ;-)

[root@X ~]# checkmodule -M -m -o ntfs3g.mod ntfs3g.te
checkmodule: loading policy configuration from ntfs3g.te
(unknown source)::ERROR 'syntax error' at token 'genfscon' on line 13:

genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
checkmodule: error(s) encountered while parsing configuration
[root@X ~]#

What have I done wrong?
(FC6, selinux-policy-targeted-2.4.1-3.fc6)
Regards,
Dawid