Bug 357011
| Summary: | Read access denied to asound.state by salsa | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Matthew Saltzman <mjs> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | CC: | firewalkergr, orion |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-12-06 18:39:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in selinux-policy-2.6.4-49 And broken in -50?
audit(1193765793.022:13): avc: denied { read } for pid=1205 comm="salsa"
name="asound.state" dev=sda3 ino=1284774
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
[root@bona ~]# rpm -q selinux-policy
selinux-policy-2.6.4-50.fc7
Orion, is the /sbin/salsa labeled correctly? Should be alsa_exec_t? [root@bona ~]# restorecon -v /sbin/salsa [root@bona ~]# ls -Z /sbin/salsa -rwxr-xr-x root root system_u:object_r:alsa_exec_t /sbin/salsa Same problem here.
ls -Z /sbin/salsa
-rwxr-xr-x root root system_u:object_r:alsa_exec_t /sbin/salsa
audit(1193782846.719:4): avc: denied { read } for pid=1221 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.720:5): avc: denied { read } for pid=1226 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.721:6): avc: denied { read } for pid=1222 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.721:7): avc: denied { read } for pid=1227 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.722:8): avc: denied { read } for pid=1229 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.723:9): avc: denied { read } for pid=1228 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.723:10): avc: denied { read } for pid=1215 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.724:11): avc: denied { read } for pid=1230 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.725:12): avc: denied { read } for pid=1231 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
Appears to be fixed in 2.6.4-59.fc7 |
Description of problem: kernel: audit(1193647038.141:13): avc: denied { read } for pid=1297 comm="salsa" name="asound.state" dev=dm-0 ino=2066393 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file Version-Release number of selected component (if applicable): selinux-policy-targeted-2.6.4-48.fc7 How reproducible: Always. Steps to Reproduce: 1. Shut down. 2. 3. Actual results: AVC Expected results: No AVC Additional info: