Bug 1075929
| Summary: | selinux-policy prevents pcscd from accessing polkit | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nikos Mavrogiannopoulos <nmavrogi> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Priority: | unspecified |
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Hardware: | Unspecified | OS: | Unspecified |
| Doc Type: | Bug Fix | Type: | Bug |
| Last Closed: | 2014-03-13 09:11:54 UTC | | |

Should be fixed in the latest release.

```
#============= pcscd_t ==============
#!!!! This avc is allowed in the current policy
allow pcscd_t unconfined_t:dir search;
```

Created attachment 873845
warnings from sealert

Description of problem:
The new pcsc-lite in rawhide uses polkit to decide on user access on smart cards. However, selinux-policy prevents that from happening, resulting in rejection of any policy decision. The daemon reports:

```
Mar 13 09:22:23 dhcp-2-127.brq.redhat.com pcscd[16052]: 03738058 auth.c:116:IsClientAuthorized() Error in authorization: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.3871" (uid=0 pid=16052 comm="/usr/sbin/pcscd --foreground --auto-exit ") interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" error name="(unset)" requested_reply="0" destination=":1.405" (uid=999 pid=5932 comm="/usr/lib/polkit-1/polkitd --no-debug ")
```

How reproducible:

Steps to Reproduce:
1. Install pcsc-lite from rawhide
2. Insert a smart card and try running opensc-tool --list

Actual results:
No smart cards found.

Expected results:
Smart cards should be listed.

Additional info:
Attached is the output of sealert tool.
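
The following is an added triage example, not part of the original report or of any project's code: it parses the D-Bus SELinux denial quoted above into caller, callee and method, and counts denials per such triple across log lines. The function names `parse_dbus_denial` and `summarize` are hypothetical, and the message layout is assumed to match the line in this report.

```python
import re
from collections import Counter

MARKER = "An SELinux policy prevents this sender from sending this message"
PEER = re.compile(
    r'(sender|destination)="([^"]*)" \(uid=(\d+) pid=(\d+) comm="([^"]*)"\)')
FIELD = re.compile(r'\b(type|interface|member)="([^"]*)"')

def parse_dbus_denial(line):
    """Return the D-Bus call and both peers from a denial line, or None."""
    if MARKER not in line:
        return None
    rec = dict(FIELD.findall(line))
    for role, bus_name, uid, pid, comm in PEER.findall(line):
        rec[role] = {"bus_name": bus_name, "uid": int(uid), "pid": int(pid),
                     "exe": comm.split()[0] if comm.strip() else ""}
    # Require the fields needed to say who called what on whom.
    needed = ("interface", "member", "sender", "destination")
    return rec if all(k in rec for k in needed) else None

def summarize(lines):
    """Count denials per (caller exe, callee exe, interface.member)."""
    counts = Counter()
    for line in lines:
        rec = parse_dbus_denial(line)
        if rec:
            counts[(rec["sender"]["exe"], rec["destination"]["exe"],
                    rec["interface"] + "." + rec["member"])] += 1
    return counts

# First line: the daemon message quoted in this report.
# Second line: constructed, to show that non-denial lines are skipped.
SAMPLE = [
    'Mar 13 09:22:23 dhcp-2-127.brq.redhat.com pcscd[16052]: 03738058 '
    'auth.c:116:IsClientAuthorized() Error in authorization: '
    'GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy '
    'prevents this sender from sending this message to this recipient, '
    '0 matched rules; type="method_call", sender=":1.3871" (uid=0 pid=16052 '
    'comm="/usr/sbin/pcscd --foreground --auto-exit ") '
    'interface="org.freedesktop.PolicyKit1.Authority" '
    'member="CheckAuthorization" error name="(unset)" requested_reply="0" '
    'destination=":1.405" (uid=999 pid=5932 '
    'comm="/usr/lib/polkit-1/polkitd --no-debug ")',
    'Mar 13 09:22:25 host.example pcscd[16052]: constructed non-denial line',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```
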