Bug 232491
Summary: | Fxload | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bart Vanbrabant <bart.vanbrabant> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Priority: | medium |
Version: | rawhide | CC: | dwalsh |
Hardware: | All | OS: | Linux |
Fixed In Version: | Current | Doc Type: | Bug Fix |
Last Closed: | 2007-08-22 14:15:46 UTC | | |
Description
Bart Vanbrabant
2007-03-15 19:02:16 UTC
Fixed in selinux-policy-2.5.8-6

This error got resolved. I'm getting others now, so loading firmware still fails. I did setenforce 0 to get all errors this time:

avc: denied { ioctl } for comm="fxload" dev=usbfs egid=0 euid=0 exe="/sbin/fxload" exit=1 fsgid=0 fsuid=0 gid=0 items=0 name="003" path="/proc/bus/usb/003/003" pid=2744 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:usbfs_t:s0 tty=(none) uid=0

avc: denied { read, write } for comm="fxload" dev=usbfs egid=0 euid=0 exe="/sbin/fxload" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="003" pid=2744 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:usbfs_t:s0 tty=(none) uid=0

avc: denied { ioctl } for comm="fxload" dev=usbfs egid=0 euid=0 exe="/sbin/fxload" exit=1 fsgid=0 fsuid=0 gid=0 items=0 name="005" path="/proc/bus/usb/003/005" pid=4266 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:usbfs_t:s0 tty=(none) uid=0

avc: denied { read, write } for comm="fxload" dev=usbfs egid=0 euid=0 exe="/sbin/fxload" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="005" pid=4266 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=system_u:object_r:usbfs_t:s0 tty=(none) uid=0

When the firmware gets loaded and the actual driver is loaded, /dev/video0 is created. I get this avc then:

avc: denied { getattr } for comm="setfacl" dev=tmpfs egid=0 euid=0 exe="/usr/bin/setfacl" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="video0" path="/dev/video0" pid=5211 scontext=system_u:system_r:hald_acl_t:s0 sgid=0 subj=system_u:system_r:hald_acl_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:v4l_device_t:s0 tty=(none) uid=0

This one seems to be coming from hal, do I need to file this in another bug report?

I will fix the hal issue. The problem is allowing udev to rw usbfs_t seems a little extreme. I would rather write policy for fxload to confine it rather than extend udev.

Should be fixed in the current release
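
A triage helper for denials in the format quoted in this report, added here as an example (it is not part of the original thread or of selinux-policy). It parses each AVC line, including the comma-separated permission list, and groups permissions by source type, target type and class while recording which binary asked for them. The sample lines are abridged from the thread and the function names are illustrative.

```python
import re
from collections import defaultdict

# Abridged from the denials quoted in this report (unused fields dropped).
SAMPLE = """\
avc: denied { ioctl } for comm="fxload" exe="/sbin/fxload" path="/proc/bus/usb/003/003" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:usbfs_t:s0
avc: denied { read, write } for comm="fxload" exe="/sbin/fxload" name="003" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:usbfs_t:s0
avc: denied { getattr } for comm="setfacl" exe="/usr/bin/setfacl" path="/dev/video0" scontext=system_u:system_r:hald_acl_t:s0 tclass=chr_file tcontext=system_u:object_r:v4l_device_t:s0
"""

PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one denial line, or None if it is not a usable AVC denial."""
    m = PERMS.search(line)
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if not m or not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type:level, so the type is the third field.
    return {
        "perms": set(filter(None, re.split(r"[,\s]+", m.group(1)))),
        "exe": fields.get("exe", fields.get("comm", "?")),
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarize(text):
    """Merge denials into {(source, target, class): {"perms": set, "exes": set}}."""
    out = defaultdict(lambda: {"perms": set(), "exes": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            entry = out[(rec["source"], rec["target"], rec["tclass"])]
            entry["perms"] |= rec["perms"]
            entry["exes"].add(rec["exe"])
    return dict(out)

def as_rules(summary):
    """Render each group as the allow rule it implies, noting the requesting binary."""
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(v['perms']))} }};  # from {', '.join(sorted(v['exes']))}"
        for (s, t, c), v in sorted(summary.items())
    ]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

On the sample, every usbfs_t denial is attributed to /sbin/fxload running in udev_t, which is the situation the final comments address.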