Bug 585459

Summary:	lircd service fails to start with lirc-0.8.6-1.fc11.x86_64
Product:	[Fedora] Fedora	Reporter:	Alex Lancaster <alex>
Component:	selinux-policy-targeted	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED ERRATA	QA Contact:	Ben Levenson <benl>
Severity:	medium	Docs Contact:
Priority:	low
Version:	11	CC:	jarodwilson, sub
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	lirc-0.8.6-2.fc11	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2010-05-03 16:11:41 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Alex Lancaster 2010-04-24 07:15:25 UTC

When I try to start the lircd service I get:

sudo /etc/init.d/lirc start
Starting infrared remote control daemon (lircd): lircd: could not assign address to socket
lircd: Permission denied
                                                           [FAILED]


In the logs I see selinux errors, here's the excerpts from /var/log/audit/audit.log:

type=CONFIG_CHANGE msg=audit(1272092444.516:15372): audit_backlog_limit=320 old=256 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=AVC msg=audit(1272092448.958:15373): avc:  denied  { create } for  pid=1682 comm="lircd" name="lircd" scontext=system_u:system_r:lircd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1272092448.958:15373): arch=c000003e syscall=49 success=no exit=-13 a0=4 a1=7ffff702a950 a2=6e a3=7ffff702a660 items=0 ppid=1681 pid=1682 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="lircd" exe="/usr/sbin/lircd" subj=system_u:system_r:lircd_t:s0 key=(null)

I am using the version in updates-testing here:

https://admin.fedoraproject.org/updates/lirc-0.8.6-1.fc11

I am also using kernel-2.6.32.10-44.fc11.x86_64 in updates-testing.

Comment 1 Alex Lancaster 2010-04-24 09:49:28 UTC

Add Jarod, in case he has any insights as to what new selinux rules are needed for the new lirc.

Comment 2 Daniel Walsh 2010-04-26 13:11:11 UTC

This looks like /var/run/lirc or /var/run/lircd is not labeled correctly.

Miroslav we might need to backport F12 lirc policy to F11.

Comment 3 Miroslav Grepl 2010-04-26 13:29:59 UTC

Yes, it looks so. I will backport the lirc policy.

Comment 4 Alex Lancaster 2010-04-26 17:17:24 UTC

(In reply to comment #3)
> Yes, it looks so. I will backport the lirc policy.    

Meanwhile, can you post a command-line as a workaround to fix the labelling until the new policy gets pushed?  Thanks.

Comment 5 Miroslav Grepl 2010-04-27 11:06:54 UTC

Fixed in selinux-policy-3.6.12-98.fc11.

Comment 6 Miroslav Grepl 2010-04-27 11:10:40 UTC

You can download selinux-policy and selinux-policy-targeted packages and install these packages from Koji for now.

http://koji.fedoraproject.org/koji/buildinfo?buildID=168966

Comment 7 Bug Zapper 2010-04-28 12:03:14 UTC

This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 8 Alex Lancaster 2010-04-29 08:38:03 UTC

(In reply to comment #6)
> You can download selinux-policy and selinux-policy-targeted packages and
> install these packages from Koji for now.
> 
> http://koji.fedoraproject.org/koji/buildinfo?buildID=168966    

Great, seems to work now, thanks!  Can you submit this as proper bodhi update to updates-testing?

Comment 9 Alex Lancaster 2010-04-29 08:39:43 UTC

(In reply to comment #8)
> (In reply to comment #6)
> > You can download selinux-policy and selinux-policy-targeted packages and
> > install these packages from Koji for now.
> > 
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=168966    
> 
> Great, seems to work now, thanks!  Can you submit this as proper bodhi update
> to updates-testing?    

Of course it should be added or otherwise combined with the relevant lirc update so it goes out at the same time: 

https://admin.fedoraproject.org/updates/lirc-0.8.6-1.fc11

Comment 10 Fedora Update System 2010-04-29 14:27:11 UTC

selinux-policy-3.6.12-98.fc11,lirc-0.8.6-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/selinux-policy-3.6.12-98.fc11,lirc-0.8.6-2.fc11

Comment 11 Fedora Update System 2010-05-03 16:11:37 UTC

lirc-0.8.6-2.fc11, selinux-policy-3.6.12-98.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Darwin Slattery 2010-05-04 11:15:39 UTC

I am using the i586 version of lirc but lirc has stopped working since these latest updates. The service starts fine and I'm not seeing any errors in the 'secure' or 'messages' logs or in dmesg. irw also starts but I get no response to buttons on my remote. 

I reverted back to 8.5.3 but that didn't solve it. I'm running in permissive mode but the selinux update seems to be the root of the problem. Is there anything else I can do to help diagnose this problem?

kernel: 2.6.30.10-105.2.23.fc11.i686.PAE
tv card: Hauppage PVR-350
selinux-policy-targeted-3.6.12-98.fc11.noarch
selinux-policy-3.6.12-98.fc11.noarch
lirc-doc-0.8.6-2.fc11.i586
lirc-libs-0.8.6-2.fc11.i586
lirc-0.8.6-2.fc11.i586
lirc-remotes-0.8.6-2.fc11.i586

Thanks in advance.

Comment 13 Miroslav Grepl 2010-05-04 11:57:30 UTC

So you are running in permissive mode but it doesn't work. Then it doesn't look like SELinux problem.

Are you seeing any AVC messages in /var/log/audit/audit.log?

Comment 14 Darwin Slattery 2010-05-04 12:44:46 UTC

Thanks for your reply.

I'm not seeing anything to do with lirc in audit.log. I thought that permissive mode would prevent problems too but I have had selinux updates causing issues with lirc before.

I'll keep looking for clues. Thanks again.