Bug 511029

Summary: setroubleshoot: SELinux is preventing udev-acl.ck (consolekit_t) "getattr" udev_tbl_t.
Product: [Fedora] Fedora Reporter: Michal Nowak <mnowak>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh, jkubin, mgrepl, ohudlick
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:4ba7b7859daedf87f4cbcda86ef9b486784d578a515215efc6e4633202645e56
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-13 11:34:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michal Nowak 2009-07-13 11:30:30 UTC 
The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing udev-acl.ck (consolekit_t) "getattr" udev_tbl_t.

Detailed Description:

SELinux denied access requested by udev-acl.ck. It is not expected that this
access is required by udev-acl.ck and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:udev_tbl_t:s0
Target Objects                /dev/.udev/db/\x2fdevices\x2fpci0000:00\x2f0000:00
                              :01.2\x2fusb1 [ file ]
Source                        udev-acl.ck
Source Path                   /lib/udev/udev-acl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           udev-143-2.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.20-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.31-0.42.rc2.fc12.x86_64 #1 SMP Sat Jul 4
                              20:49:29 EDT 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Mon 13 Jul 2009 01:15:45 PM CEST
Last Seen                     Mon 13 Jul 2009 01:17:00 PM CEST
Local ID                      abde8671-ee6e-4cf0-83ed-b32bd29cd121
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1247483820.761:38253): avc:  denied  { getattr } for  pid=26695 comm="udev-acl.ck" path="/dev/.udev/db/\x2fdevices\x2fpci0000:00\x2f0000:00:01.2\x2fusb1" dev=tmpfs ino=3267 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1247483820.761:38253): arch=c000003e syscall=6 success=yes exit=0 a0=7fff446871d0 a1=7fff44685d30 a2=7fff44685d30 a3=4 items=0 ppid=663 pid=26695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t udev_tbl_t:file getattr;
Comment 1 Michal Nowak 2009-07-13 11:34:49 UTC 
The nice UI in Rawhide probably should have some mechanism to avoid dupes (as ABRT or Anaconda does).

*** This bug has been marked as a duplicate of bug 510538 ***