Bug 187436
Summary: | policy denies udev pam_console_apply on dev/dvb | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jón Fairbairn <jon.fairbairn> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | CC: | dwalsh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-05-05 15:01:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jón Fairbairn
2006-03-30 21:54:09 UTC
Could you try semanage fcontext -a -t v4l_device_t "/dev/dvb/.*" restorecon -R -v /dev/dvb and see if it works? # semanage fcontext -a -t v4l_device_t "/dev/dvb/.*" (no output) # restorecon -R -v /dev/dvb restorecon set context /dev/dvb/adapter0->system_u:object_r:v4l_device_t failed:'Permission denied' restorecon reset /dev/dvb/adapter0/net0 context system_u:object_r:device_t->system_u:object_r:v4l_device_t restorecon reset /dev/dvb/adapter0/dvr0 context system_u:object_r:device_t->system_u:object_r:v4l_device_t restorecon reset /dev/dvb/adapter0/demux0 context system_u:object_r:device_t->system_u:object_r:v4l_device_t restorecon reset /dev/dvb/adapter0/frontend0 context system_u:object_r:device_t->system_u:object_r:v4l_device_t After that, removing the driver and reloading it results in the console owner owning the devices $ ls --lcon /dev/dvb/adapter0/ total 0 crw-rw---- 1 system_u:object_r:v4l_device_t jf root 212, 4 Mar 31 18:07 demux0 crw-rw---- 1 system_u:object_r:v4l_device_t jf root 212, 5 Mar 31 18:07 dvr0 crw-rw---- 1 system_u:object_r:v4l_device_t jf root 212, 3 Mar 31 18:07 frontend0 crw-rw---- 1 system_u:object_r:v4l_device_t jf root 212, 7 Mar 31 18:07 net0 presumably the restorecon is unneccessary if the driver isn't loaded, since the device nodes don't exist until it is loaded, and it'll happen then? The first error refers to the directory: $ ls --lcon /dev/dvb/adapter0/ -d drwxr-xr-x 2 system_u:object_r:device_t root root 120 Mar 31 18:07 /dev/dvb/adapter0// but that's fine Actually I gave you the wrong command #delete the previous semanage fcontext -d -t v4l_device_t "/dev/dvb/.*" # Readd the command specifying -c for chr_device semanage fcontext -a -t v4l_device_t -f"-c" "/dev/dvb/.*" # List the device semanage fcontext -l | grep dvb /dev/dvb/.* character device system_u:object_r:v4l_device_t:s0 Next policy update should have this change. That works too. Many thanks. Fixed in selinux-policy-2.2.29-2.fc5 Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed |