SELinux login errors with ecryptfs

I’m getting the following SELinux errors on login (using lightdm) and my encrypted directories are failing to mount:

SELinux is preventing login from entrypoint access on the file /usr/sbin/mount.ecryptfs_private.

I can run ecryptfs-mount-private immediately after login and then it works. Unfortunately I upgraded recently from F32 to F34, so I’m not sure if it broke in F33 or F34.

1 Like

Can you double check if it is this bug?

Thanks

1 Like

I don’t think so. Different source context:

Raw Audit Messages
type=AVC msg=audit(1629280418.15:300): avc:  denied  { entrypoint } for  pid=1802 comm="lightdm" path="/usr/sbin/mount.ecryptfs_private" dev="dm-0" ino=101432482 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mount_ecryptfs_exec_t:s0 tclass=file permissive=0

1 Like

journalctl -b -g avc | audit2allow -m local -o /tmp/local.te

https://man.cx/audit2allow#heading5

1 Like
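The journalctl pipeline above feeds every AVC match from the current boot into audit2allow, so it helps to see what each denial would turn into before building a module. The following is an added example, not part of the thread and not audit2allow's own code: it parses AVC records such as the one quoted above and prints the type-enforcement allow rule each one corresponds to, together with the process and path involved. The function names and the NOISE line are assumptions made for the example.

```python
import re
from collections import defaultdict
# Denial record copied from the thread above.
THREAD_AVC = (
    'type=AVC msg=audit(1629280418.15:300): avc:  denied  { entrypoint } for  '
    'pid=1802 comm="lightdm" path="/usr/sbin/mount.ecryptfs_private" dev="dm-0" '
    'ino=101432482 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:mount_ecryptfs_exec_t:s0 tclass=file permissive=0'
)
# Constructed non-AVC journal line, to show that unrelated matches are skipped.
NOISE = 'lightdm[1802]: constructed message that merely mentions avc'

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = m.group('perms').split()
    return rec

def selinux_type(context):
    """Type is the third field of user:role:type[:range]; the MLS range
    (s0-s0:c0.c1023) contains ':' itself, so split at most three times."""
    return context.split(':', 3)[2]

def review(lines):
    """Merge denials per (source type, target type, class) and return
    (allow rule, processes, paths) tuples for a human to read."""
    perms, comms, paths = defaultdict(set), defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_avc, lines)):
        key = (selinux_type(rec['scontext']), selinux_type(rec['tcontext']), rec['tclass'])
        perms[key].update(rec['perms'])
        comms[key].add(rec.get('comm', '?'))
        paths[key].add(rec.get('path', '?'))
    out = []
    for key, p in sorted(perms.items()):
        p = sorted(p)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        out.append((f'allow {key[0]} {key[1]}:{key[2]} {body};', sorted(comms[key]), sorted(paths[key])))
    return out

if __name__ == '__main__':
    print(review([THREAD_AVC, NOISE]))
```
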

If you have selinux troubleshooter installed, it’ll tell you what to do. It also allows you to file a bug so that this can be fixed in the selinux policy.

sudo dnf install setroubleshoot

Then run sealert or select it from the list of applications and see what it suggests:

1 Like

OK, thanks. Next time I’m on the machine I’ll try and raise a bug.

1 Like

Raised here: 1175928 – SELinux is preventing login from 'entrypoint' accesses on the file /usr/sbin/mount.ecryptfs_private.

1 Like

I’m running ecryptfs without problems here.
Private folders are auto-mounted after login.

On new installs I run this (alas I have forgotten why it’s needed and can’t find it in the INet anymore):

sudo setsebool -P use_ecryptfs_home_dirs 1

all above that I used setroubleshoot

2 Likes