Bug 175636

Summary: RFE: allow pcscd to load non-OSS driver modules
Product: [Fedora] Fedora Reporter: Ville Skyttä <scop>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideKeywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.1.6-17 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-01-29 22:32:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2005-12-13 16:53:16 UTC
Some OMNIKEY (CardMan 2020, CardMan 4000) and SCM Microsystems (SCR24x) smart
card reader drivers include a non-PIC binary-only pcsc-lite driver module, which
doesn't work with selinux-policy-targeted out of the box; audit.log says execmod
denied for pcscd when it tries to load these.

Setting this:

   /usr(/.*)?/pcsc/drivers(/.*)?/libcm(2020|4000|SCR24x)\.so(\.[^/]*)*

...to system_u:object_r:textrel_shlib_t would fix it AFAICT.

Comment 1 Ville Skyttä 2005-12-24 20:48:28 UTC
Thanks, I see this has been applied in recent selinux policy packages.  However,
my regexp above and the one in the policy is buggy, it should be:

   .../lib(cm2020|cm4000|SCR24x)\.so...

ie. one of the libs is libSCR24x.so, not libcmSCR24x.so.  Sorry about that.

Comment 2 Daniel Walsh 2005-12-27 15:39:32 UTC
Fixed in  2.1.6-17

Comment 3 Ville Skyttä 2006-01-29 22:32:02 UTC
Thanks.