Bug 298601
Summary: | AVC denied for dellWirelessCtl when called from HAL | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Michael E Brown <mebrown> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Priority: | medium |
Version: | rawhide | CC: | matt_domsch, walters |
Hardware: | All | OS: | Linux |
Fixed In Version: | Current | Doc Type: | Bug Fix |
Last Closed: | 2008-01-30 19:19:28 UTC | | |

Description
Michael E Brown
2007-09-20 17:05:43 UTC
Sorry, truncated the last paragraph when I was transcribing... Talked to walters on IRC and he suggested opening a bug.

Looking at the HAL policy, we already grant it read-write access to raw disk devices. It seems of limited utility to define separate domains for callout programs which need further specific privileges like raw memory access (sonypic and mac), and now dellWirelessCtl. So my basic suggestion would be to merge all three into a highly privileged hal_callout_t domain.

Actually I would like to try to go the other way, and figure out which hal exes require r/w raw disk, and only give the privs to that exe. Anyways.

Fixed in selinux-policy-3.0.8-6.fc8

Bulk closing all bugs in Fedora updates in the modified state. If your bug is not fixed, please reopen.