Bug 120303
| Summary: | tvtime broken because of policy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | lupus <de_lupus> |
| Component: | policy | Assignee: | Russell Coker <rcoker> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | billy.biggs, dwalsh, than |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.25.4-10.1 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-09-15 15:58:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in policy-1.11.1-1 audit(1082569152.619:0): avc: denied { ioctl } for pid=2115
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file
still broken
Ok, could you change it to permissive mode and run the command and then give us the AVC messages. Dan audit(1083000151.939:0): avc: denied { read } for pid=2192
exe=/usr/bin/tvtime name=rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc: denied { ioctl } for pid=2192
exe=/usr/bin/tvtime path=/dev/rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc: denied { sys_resource } for pid=2192
exe=/usr/bin/tvtime capability=24 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.939:0): avc: denied { setuid } for pid=2192
exe=/usr/bin/tvtime capability=7 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.968:0): avc: denied { ioctl } for pid=2192
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file
this is it
Here is what I get on my vanilla FC2 installation :
tvtime can not acces /dev/rtc and /dev/video0 :
[stein@localhost stein]$ tvtime
Running tvtime 0.9.12.
rtctimer: Cannot open /dev/rtc: Permission denied
rtctimer: Cannot open /dev/misc/rtc: No such file or directory
Enhanced Real Time Clock support in your kernel is necessary for
smooth video. We strongly recommend that you load the 'rtc' kernel
module before starting tvtime, and make sure that your user has
access to the device file (/dev/rtc or /dev/misc/rtc). See our
support page at http://tvtime.net/ for more information.
Reading configuration from /etc/tvtime/tvtime.xml
Reading configuration from /home/stein/.tvtime/tvtime.xml
videoinput: Cannot open capture device /dev/video0: Permission denied
Thank you for using tvtime.
[stein@localhost stein]$ rpm -q tvtime
tvtime-0.9.12-5
Added new tvtime policy selinux-policy-strict-1.17.24-3 |
Description of problem: tvtime says it can not use /dev/video0, so it does not work anymore tvtime needs the right to access /dev/video0 !!! Version-Release number of selected component (if applicable): tvtime-0.9.12-5 policy-1.9.2-12 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: in dmesg: audit(1081357231.807:0): avc: denied { read write } for pid=2112 exe=/usr/bin /tvtime name=video0 dev=hda3 ino=190244 scontext=user_u:user_r:user_t tcontext=s ystem_u:object_r:v4l_device_t tclass=chr_file bttv driver has to be modprobed by hand and even then tvtime does not work. So it's not an driver issue.