Bug 546030
Summary: | SELinux is preventing the /usr/bin/pulseaudio from using potentially mislabeled files (autospawn.lock). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | herra_pilvinen |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | carlg, dwalsh, lpoetter, mgrepl, rstrode |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:ef1dca0c1bd50b0955fd863d4ad65934ba5e4f2c6da304e7042f5de485678135 | ||
Fixed In Version: | 3.6.32-84.fc12 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-02-11 14:40:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
herra_pilvinen
2009-12-09 20:25:38 UTC
Are you logged in as the context xdm_t? id -Z THis looks like pulseaudit is trying to create autospawn.lock in a directory previosly created by a user? seems unlikely quickly browsing the code. I see something like k = pa_sprintf_malloc("%s/%s-runtime", get_pulse_home (), get_machine_id ()); so it doesn't seem like a dir a user would create But I don't know how this stuff works, cc'ing lennart hmm, we create that lock file in a dir in /tmp. The name of that dir is randomly chosen, and verified to belong to us, so it should be set up properly. So the directory is shared between all users of pulseaudio even if pulseaudio is running as root? Versus a non root UID? --- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers Miroslav, lets just allow this access. userdom_manage_user_tmp_files(xdm_t) Fixed in selinux-policy-3.6.32-80.fc12 selinux-policy-3.6.32-82.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-82.fc12 selinux-policy-3.6.32-84.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1492 selinux-policy-3.6.32-84.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |