Can't mount anywhere but to /mnt

My system has developed a strange defect after a distribution upgrade (OpenSuSE 12.3 -> 13.2). I have various USB devices that I want to mount to different top-level directories: the backup drive to /backup, my USB stick to /usb, and the SD card adapter to /SD. That used to work without problem by simply naming the device ID and the top-level directory in /etc/fstab:

/dev/disk/by-id/scsi-1TOSHIBA_TransMemory-part1                        /usb       vfat     noauto,user,exec               0 0
/dev/disk/by-id/ata-ST2000LM003_HN-M201RAD_S34RJ9AFA36173-part1        /backup    ext4     noauto,user,exec               0 0
/dev/disk/by-id/usb-Generic-_SD_MMC_MS_PRO_20120926571200000-0:0-part1 /SD        exfat    noauto,user,exec  

Now, with the new kernel (3.16.7) and all, the exact /dev/disk/by-id identifiers have changed, so I adapted them, but mounting fails nevertheless. It turns out I can mount none of these devices to their preferred mount points anymore, not even when I give the real name (e.g., /dev/sdc1 or the like). Mounting them manually, even as root, gives no output and returns 0 just like a normal mount, but it doesn’t populate the mount point with the content of the disk, and in fact the mount command claims that the device isn’t mounted after all.

However, I can mount any of these devices successfully if I choose the mount point /mnt, or, weirdly, a subdirectory of /mnt. That’s reassuring - it proves that there isn’t a hardware or driver problem - but I’d really like to mount my peripherals to their mnemonic names, and in particular I’d sometimes like to mount two of them simultaneously.

Why on Earth would the system care where I mount something, as long as the mount point exists, is accessible, and isn’t already mounted? All three top-level dirs worked fine under the old kernel (3.7.10), and now they don’t. Can I be running into some new security manager or filter rule that I’ve never heard about?

Might be caused by AppArmor?
It might block accesses to those top-level directories, even for root.

Can you mount/access them after you stopped AppArmor?

systemctl stop apparmor

OTOH, did you actually try to mount them as root, despite the “user” option in fstab?
Maybe there’s just a problem with file/folder permissions.

Another thing to note: the last line is missing the “0 0” at the end. Maybe it’s an fstab parsing problem. “mount” in 13.2 might be more sensitive to the correct syntax or something…

That’s it! After disabling App Armor, I can mount normally, both manually as root and implicitly via fstab as user.

Apparently I’m now considered subversive for wanting to populate my own top-level directories. From what I can glean from its configuration files, App Armor forbids almost all mounts, with /mnt being one exception.

I’m kind of grateful that that exception was there - if it wasn’t, I wouldn’t have been able to mount anywhere, and would probably have wasted hours or days assuming there was a hardware or driver problem - but still, I’m leaning towards getting rid of App Armor rather than learning its set-up just to grant myself these specific privileges.

Well, rather than get rid of it (it does offer protection), maybe ease up on the settings.
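
Easing the settings instead of stopping AppArmor starts with finding out which profile denied the mount. The script below is an added example, not part of any post in this thread: it filters AppArmor audit records for denied mount operations and prints the profile, mount point, filesystem type and source device. The log lines and the profile names example-profile and other-profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: list AppArmor denials of mount operations.
# The log lines below are constructed samples; "example-profile" and
# "other-profile" are placeholder profile names, not from the thread.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1420000000.101:210): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="example-profile" name="/backup/" pid=4321 comm="mount" fstype="ext4" srcname="/dev/sdc1"
type=AVC msg=audit(1420000001.202:211): apparmor="DENIED" operation="open" profile="other-profile" name="/etc/motd" pid=4400 comm="cat" requested_mask="r" denied_mask="r"
type=AVC msg=audit(1420000002.303:212): apparmor="ALLOWED" operation="mount" profile="example-profile" name="/mnt/" pid=4500 comm="mount" fstype="vfat" srcname="/dev/sdd1"
type=AVC msg=audit(1420000003.404:213): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="example-profile" name="/SD/" pid=4600 comm="mount" fstype="exfat" srcname="/dev/sde1"
EOF
}

# Reads audit/kernel log text on stdin and prints one tab-separated line
# per denied mount: profile, mount point, filesystem type, source device.
denied_mounts() {
    awk '
    # Return the quoted value of key=... on the current line, or "-" if
    # the key is absent or its value is not quoted.
    function val(key,   re, s) {
        re = " " key "=\"[^\"]*\""
        if (match($0, re) == 0) return "-"
        s = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s)   # drop everything up to the opening quote
        sub(/"$/, "", s)        # drop the closing quote
        return s
    }
    BEGIN { OFS = "\t" }
    /apparmor="DENIED"/ && /operation="mount"/ {
        print val("profile"), val("name"), val("fstype"), val("srcname")
    }'
}

# Stand-alone run over the constructed sample.
sample_log | denied_mounts
```

On a live system, feed the function the real log instead (typically /var/log/audit/audit.log when auditd is running, otherwise the kernel log). The profile named in the first column is the one whose mount rules need reviewing.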

Maybe try using the Partitioner (Available in YAST after initial installation)?

I haven’t tried what you describe exactly, but not that long ago I noticed you are at least offered tremendous flexibility in creating new mount points in plenty of places, even top level.

TSU

Yeah, but that doesn’t help if AppArmor blocks the access.
And no, the partitioner does not configure AppArmor appropriately, at least AFAIK.

You need to do that manually, maybe this would help though:
https://wiki.ubuntu.com/AppArmor
(the openSUSE page, http://activedoc.opensuse.org/book/opensuse-security-guide, is currently down for maintenance unfortunately)

Or use subdirectories in /mnt/ for your mount points e.g.