Bug 601617
Summary: | SELinux is preventing /usr/bin/pulseaudio "read" access on 0c50ee6989bbf5811d9f976b0000003e-runtime. | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rahul Sundaram <sundaram> | ||||||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 13 | CC: | dwalsh, mgrepl, smohan, verdelyi | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | x86_64 | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | setroubleshoot_trace_hash:0b1f55c9207e8e0e076185d3c249eb4f417fcc1596c2f9c3af5712abe299c073 | ||||||||||
Fixed In Version: | selinux-policy-3.7.19-28.fc13 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2010-06-23 17:48:20 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Rahul Sundaram
2010-06-08 10:31:25 UTC
Miroslav, need to add manage_lnk_files_pattern(pulseaudio_t, pulseaudio_var_lib_t, pulseaudio_var_lib_t) Fixed in selinux-policy-3.7.19-25.fc13 Created attachment 423882 [details]
AVCs
I could create 10 bugs but I won't so I attach a file with 10 more various AVCs from pulseaudio. Please have a look at these before pushing that update.
How to reproduce:
1. switch to permissive mode
2. yum install mpd
3. /etc/init.d/start mpd
I forgot to add that one of them told me to restore a context, I did and it didn't help. I am just adding mpd policy to selinux-policy and I will build it and create a new update with this policy today. Fixed in selinux-policy-3.7.19-28.fc13 selinux-policy-3.7.19-28.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-28.fc13 I have just installed this one from koji, and got 14 other AVCs when starting mpd from programs like mpd, gconf-helper, pulseaudio, rtkit-daemon... Did you install also selinux-policy-targeted package? If yes, could you attach your /var/log/audit/audit.log. Created attachment 423972 [details] Audit log (tar.bz2) I had to install it to satisfy its dependencies. And the AVCs say it's the -28 version. Audit log attached. Viktor, thanks for testing. Are you running PulseAudio as system wide daemon? Not sure, I'm running on defaults, as far as pulseaudio is concerned. Maybe it has to do something with the fact that I'm running KDE (with some default pulseaudio intergration bits). ps aux: verdelyi 2110 0.1 0.2 180316 6672 ? Ssl Jun12 4:43 /usr/bin/pulseaudio --start --log-target=syslog Well, daemon would mean -D option, wouldn't it? It isn't there so maybe it's not running as a daemon. But I'm no pulseaudio expert. selinux-policy-3.7.19-28.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-28.fc13 Created attachment 424393 [details]
Pulseaudio config (it seems to have the info you need)
Viktor, thanks. Could you also test the latest F13 policy from koji? Same AVCs with selinux-policy-3.7.19-29.fc13. (In the changelog pulseaudio/mpd was't mentioned at all. It didn't even have a chance to work.) selinux-policy-3.7.19-28.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. |