Bug 604952 (MPD)
Summary: | SELinux is preventing /usr/bin/mpd "read" access on /home/edlman/.pulse/d3ddfd60b514527fc174b8fb000000fb-runtime. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Martin Edlman <martin.edlman> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | dwalsh, mgrepl, z01.root |
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:f01804bf7b99d0bac59759f02cdfb22c693afa3f131a324e505771824d370dce | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2010-10-07 14:54:40 UTC | Type: | --- |
Description
Martin Edlman
2010-06-17 06:03:52 UTC
Martin, could you send me your mpd.conf and /etc/pulse/daemon.conf

Thanks.

Hello,

here are my config files - I stripped out comment lines. Pulse audio config is original without modifications.

mpd is running under my UID (edlman), /var/lib/mpd (and everything inside) is owned by edlman. I tried to make mpd run under its UID (mpd) according to http://mpd.wikia.com/wiki/PulseAudio but with no success.

-----------------------------------------------------------
```
# cat /etc/mpd.conf
music_directory "/media/data/multimedia/audio"
playlist_directory "/var/lib/mpd/playlists"
db_file "/var/lib/mpd/mpd.db"
log_file "/var/lib/mpd/mpd.log"
error_file "/var/lib/mpd/mpd.error"
state_file "/var/lib/mpd/mpdstate"
#user "mpd"
user "edlman"
zeroconf_enabled "yes"
zeroconf_name "Music Player Worm"
audio_output {
    type "pulse"
    name "PulseAudio Output"
}
audio_output {
    type "shout"
    format "44100:16:2"
    name "Music stream"
    host "worm.fortech.cz"
    port "8000"
    mount "/stream.ogg"
    password "edasovo"
    quality "5"
    user "source"
    description "All kinds of music"
    genre "Everything"
}
# end of audio_output
mixer_type "software"
```
-----------------------------------------------------------
```
# cat /etc/pulse/default.pa
.nofail
.fail
load-module module-device-restore
load-module module-stream-restore
load-module module-card-restore
load-module module-augment-properties
.ifexists module-udev-detect.so
load-module module-udev-detect
.else
load-module module-detect
.endif
.ifexists module-bluetooth-discover.so
load-module module-bluetooth-discover
.endif
.ifexists module-esound-protocol-unix.so
load-module module-esound-protocol-unix
.endif
load-module module-native-protocol-unix
.ifexists module-gconf.so
.nofail
load-module module-gconf
.fail
.endif
load-module module-default-device-restore
load-module module-rescue-streams
load-module module-always-sink
load-module module-intended-roles
load-module module-suspend-on-idle
load-module module-console-kit
load-module module-position-event-sounds
load-module module-cork-music-on-phone
```

I forgot to include /etc/pulse/daemon.conf. This file is without modification from installation, all lines are commented out with # or ;. So I won't list it here.

Pulseaudio is installed from RPM - pulseaudio-0.9.21-6.fc13.i686.

(In reply to comment #0)
> Hello,
>
> here's another issue of mpd and pulseaudio. The mpd is (must be) running under
> my UID (edlman) not its default (mpd), otherwise it is not playing at all. I
> don't know if it's problem of SELinux or mpd itself.
>
> It looks as it's not able to connect to pulseaudio daemon which is running in
> user mode under my UID. Maybe running pulseaudio in system mode would solve the
> problem - I'll try to test it.
>

Ok, these avc messages are caused by mpd running under your UID.

>
> allow mpd_t pulseaudio_home_t:file { read write open lock };
> allow mpd_t pulseaudio_home_t:lnk_file read;
> allow mpd_t unconfined_execmem_t:process signull;
> allow mpd_t unconfined_execmem_t:unix_stream_socket connectto;
> allow mpd_t user_tmp_t:sock_file write;

*** Bug 609264 has been marked as a duplicate of this bug. ***

*** Bug 610852 has been marked as a duplicate of this bug. ***

*** Bug 610825 has been marked as a duplicate of this bug. ***

The workaround for MPD which is not running under mpd user.

```
# cat > mympd.te << _EOF
policy_module(mympd, 1.0)

require{
    type mpd_t;
}

pulseaudio_manage_home_files(mpd_t)
pulseaudio_setattr_home_dir(mpd_t)
userdom_list_user_tmp(mpd_t)
userdom_write_user_tmp_sockets(mpd_t)
unconfined_stream_connect(mpd_t)
_EOF
# make -f /usr/share/selinux/devel/Makefile
# semodule -i mympd.pp
```
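Added example (not part of the bug report or of selinux-policy): a minimal Python sketch of how AVC denial records collapse into allow rules like the ones quoted in the thread, so each rule can be reviewed against the access it grants before a local module is loaded. The audit lines, pids, inode numbers and file names are constructed for illustration, and `denials_to_rules` is a hypothetical helper, not the audit2allow implementation.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1276754632.101:45): avc:  denied  { read open } for  pid=2101 comm="mpd" name="example-runtime" dev=dm-0 ino=1001 scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:object_r:pulseaudio_home_t:s0 tclass=file
type=SYSCALL msg=audit(1276754632.101:45): arch=40000003 syscall=5 success=no exit=-13 comm="mpd" subj=system_u:system_r:mpd_t:s0
type=AVC msg=audit(1276754632.102:46): avc:  denied  { write lock } for  pid=2101 comm="mpd" name="example-runtime" dev=dm-0 ino=1001 scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:object_r:pulseaudio_home_t:s0 tclass=file
type=AVC msg=audit(1276754632.103:47): avc:  denied  { read } for  pid=2101 comm="mpd" name="example-link" dev=dm-0 ino=1002 scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:object_r:pulseaudio_home_t:s0 tclass=lnk_file
type=AVC msg=audit(1276754632.104:48): avc:  denied  { signull } for  pid=2101 comm="mpd" scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1276754632.105:49): avc:  denied  { connectto } for  pid=2101 comm="mpd" path="/tmp/example/native" scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_execmem_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=AVC msg=audit(1276754632.106:50): avc:  denied  { write } for  pid=2101 comm="mpd" name="native" dev=dm-0 ino=1003 scontext=system_u:system_r:mpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=sock_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} .*?"
    r"scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    return context.split(":")[2]


def denials_to_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip non-AVC records such as SYSCALL
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules


if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_AUDIT_LOG):
        print(rule)
```

Permissions are emitted in sorted order, so the first rule lists the same four permissions as the thread's `{ read write open lock }` in a different order.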