SELinux login errors with ecryptfs

I’m getting the following SELinux errors on login (using lightdm) and my encrypted directories are failing to mount:

SELinux is preventing login from entrypoint access on the file /usr/sbin/mount.ecryptfs_private.

i can run ecryptfs-mount-private immediately after login and then it works. unfortunately i upgraded recently from F32 to F34 so i’m not sure if it broken in F33 or F34.

1 Like

Can you double check if it is this bug


1 Like

i don’t think so. different source context:

Raw Audit Messages
type=AVC msg=audit(1629280418.15:300): avc:  denied  { entrypoint } for  pid=1802 comm="lightdm" path="/usr/sbin/mount.ecryptfs_private" dev="dm-0" ino=101432482 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mount_ecryptfs_exec_t:s0 tclass=file permissive=0
1 Like
journalctl -b -g avc | audit2allow -m local -o /tmp/local.te

1 Like

If you have selinux troubleshooter installed, it’ll tell you what to do. It also allows you to file a bug so that this can be fixed in the selinux policy.

sudo dnf install setroubleshoot

Then run sealert or select it from the list of applications and see what it suggests:

1 Like

ok thanks. next time i’m on the machine i’ll try and raise a bug.

1 Like

raised here: 1175928 – SELinux is preventing login from 'entrypoint' accesses on the file /usr/sbin/mount.ecryptfs_private.

1 Like

I’m running ecryptfs without problems here.
Private folder are auto. mounted after login.

On new installs I run this (alas I have forgotten why it’s needed and can’t find it in the INet anymore):

sudo setsebool -P use_ecryptfs_home_dirs 1

all above that I used setroubleshoot