| Summary: | selinux with confined users (staff_u) does not allow audio | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | bodhi.zazen <bodhi.zazen> | ||||
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-10-07 14:17:01 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
note: user_u do not have this problem, only staff_u No it would not work either. The problem here is the audio server is running as unconfined_t. Did you start it outside of the service script? I believe this problem happens if you switch from unconfined_u to staff_u. Thank you both for looking at this report. I installed Fedora 20 (alpha) and confined my users (user_u and one staff_u). It is the xcfe spin and the audio server was started automatically, I believe at log in. At any rate, no, I did not start the server manually. user_u can use audio without any problem. only staff_u had a problem with the audio server. bodhi. Bottom line, if you switched to staff_u and then rebooted it would not have happened. Perhaps you had a left over process running as unconfined_t (Pulseaudio?) that staff_t was trying to communicate with. Thank you once again for your patience Daniel, rebooting indeed resolved the issue. |
Created attachment 808583 [details] raw avc denials Description of problem: Selinux is preventing staff_u from using audio. Version-Release number of selected component (if applicable): I found the problem with aucacuious How reproducible: Steps to Reproduce: 1. selinux enabled 2. confine user(s) as staff_u 3. attempt to run audacity Actual results: Audacity does not run Expected results: Audacity runs and I can play music files Additional info: Attaching raw avc denials myaudacious.te : module myaudacious 1.0; require { type staff_t; type unconfined_t; class unix_stream_socket connectto; } #============= staff_t ============== allow staff_t unconfined_t:unix_stream_socket connectto;