Bug 1582205
Summary: | usbmuxd triggers SELinux violation, simply reading | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | R P Herrold <herrold> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 7.5 | CC: | lvrabec, mgrepl, mmalik, plautrba, ssekidde |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | selinux-policy-3.13.1-203.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2018-10-30 10:04:11 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
R P Herrold
2018-05-24 14:11:45 UTC
Fix in fedora: 697cbe8643

I have a repetition of this:

```
SELinux is preventing /usr/sbin/usbmuxd from 'open' accesses on the file /run/udev/data/+usb:2-0:1.0.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that usbmuxd should be allowed open access on the +usb:2-0:1.0 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# ausearch -c 'usbmuxd' --raw | audit2allow -M my-usbmuxd
# semodule -i my-usbmuxd.pp

Additional Information:
Source Context                system_u:system_r:usbmuxd_t:s0
Target Context                system_u:object_r:udev_var_run_t:s0
Target Objects                /run/udev/data/+usb:2-0:1.0 [ file ]
Source                        usbmuxd
Source Path                   /usr/sbin/usbmuxd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           usbmuxd-1.1.0-1.el7.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-192.el7_5.3.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.0-862.3.2.el7.x86_64 #1 SMP Mon May 21 23:36:36 UTC 2018 x86_64 x86_64
Alert Count                   19
First Seen                    2018-05-24 17:54:05 EDT
Last Seen                     2018-05-29 10:10:36 EDT
Local ID                      7c5b1722-84cd-4045-a14c-391e82363d59

Raw Audit Messages
type=AVC msg=audit(1527603036.84:107): avc: denied { open } for pid=712 comm="usbmuxd" path="/run/udev/data/+usb:2-0:1.0" dev="tmpfs" ino=13288 scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file

type=SYSCALL msg=audit(1527603036.84:107): arch=x86_64 syscall=open success=no exit=EACCES a0=7ffc84f2f080 a1=80000 a2=1b6 a3=24 items=0 ppid=1 pid=712 auid=4294967295 uid=113 gid=113 euid=113 suid=113 fsuid=113 egid=113 sgid=113 fsgid=113 tty=(none) ses=4294967295 comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null)

Hash: usbmuxd,usbmuxd_t,udev_var_run_t,file,open
```

==================

what SRPM level contains the fix, so I might build and apply it?

Thank you

-- Russ herrold

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3111
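For reviewing what a local module built from denials like the one in the description would grant, the following added example (not part of the bug report or of any Red Hat tooling) parses AVC records and derives the corresponding type-enforcement rule. The function names and the second and third sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Line 1: the AVC record from the bug description.
# Line 2: constructed for this example, to show permission merging.
# Line 3: the SYSCALL record from the description, abridged; it must be skipped.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1527603036.84:107): avc: denied { open } for pid=712 comm="usbmuxd" path="/run/udev/data/+usb:2-0:1.0" dev="tmpfs" ino=13288 scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file
type=AVC msg=audit(1527603040.10:108): avc: denied { read } for pid=712 comm="usbmuxd" name="+usb:2-0:1.0" dev="tmpfs" ino=13288 scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:object_r:udev_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1527603036.84:107): arch=x86_64 syscall=open success=no exit=EACCES comm=usbmuxd exe=/usr/sbin/usbmuxd
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the policy-relevant fields of one AVC denial, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": set(m.group(1).split()),
        # A context is user:role:type:level; the level may itself contain
        # colons, so take the third field instead of counting from the end.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "path": fields.get("path"),
    }

def te_rules(log_text):
    """Merge denials per (source, target, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            grouped[key] |= rec["perms"]
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_txt};")
    return rules

if __name__ == "__main__":
    print("\n".join(te_rules(SAMPLE_AUDIT_LOG)))
```

Note that the rule is scoped to the type `udev_var_run_t`, not to the single path named in the denial, so it covers every file carrying that label.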