Bug 607983
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | SELinux is preventing /usr/bin/mpd "read" access on /home/wlan/Music. | | |
| Product | [Fedora] Fedora | Reporter | wlan <z01.root> |
| Component | selinux-policy | Assignee | Miroslav Grepl <mgrepl> |
| Status | CLOSED ERRATA | QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | medium | Docs Contact | |
| Priority | low | | |
| Version | 13 | CC | cheery314, dwalsh, mgrepl |
| Target Milestone | --- | Keywords | Reopened |
| Target Release | --- | | |
| Hardware | x86_64 | | |
| OS | Linux | | |
| Whiteboard | setroubleshoot_trace_hash:862fbd019998785d33d5b111b7d5330542ccea206e539d4a0e6ab0aa7b3848db | | |
| Fixed In Version | selinux-policy-3.7.19-33.fc13 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2010-11-02 16:49:53 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
Description
wlan
2010-06-25 10:54:30 UTC
I was thinking about that while I was creating mpd policy. The default location for MPD music is /var/lib/mpd/music directory. But I guess I can add a new boolean for MPD which will allow it.

Add a type for this directory and then allow it to read. Don't add a boolean

```
type audio_home_t;
```

Put this in usedom definitions. Send me a patch....

Fixed in selinux-policy-3.7.19-32.fc13

selinux-policy-3.7.19-33.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13

selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13

selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

(In reply to comment #5)
> selinux-policy-3.7.19-33.fc13 has been pushed to the Fedora 13 testing
> repository. If problems still persist, please make note of it in this bug
> report.
> If you want to test the update, you can install it with
> su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can
> provide feedback for this update here:
> http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-33.fc13

Hi! I tried this, but it did not fix the problem. Now, how do I downgrade back to the non-test SELinux?

(In reply to comment #7)
>
> Hi! I tried this, but it did not fix the problem.

Does it mean the same problem still persists? What AVC messages are you seeing?

(In reply to comment #8)
> (In reply to comment #7)
> >
> > Hi! I tried this, but it did not fix the problem.
> Does it mean the same problem still persists? What AVC messages are you seeing?

Yes.
I saw the same errors, along with quite a few others. I have decided to use MPlayer to listen to internet radio instead.

What are your outputs of

```
# matchpathcon /home/wlan/Music
```

and

```
# rpm -qa selinux-policy-\*
```

Could you attach these AVC messages? I would like to know where the problem is. Thanks.

Not that exactly. I have no folder "/home/wlan/Music". What I mean is, I have the same problem as the user who submitted this.

```
[silent@TERMINAL-BMRF-9 ~]$ sudo matchpathcon /home/wlan/Music
[sudo] password for silent:
/home/wlan/Music unconfined_u:object_r:audio_home_t:s0
[silent@TERMINAL-BMRF-9 ~]$ sudo matchpathcon /home/silent/Audio
/home/silent/Audio unconfined_u:object_r:user_home_t:s0
[silent@TERMINAL-BMRF-9 ~]$ rpm -qa selinux-policy-\*
selinux-policy-targeted-3.7.19-51.fc13.noarch
```

Excellent analysis.

SELinux is all about labels. We allow MPD to read audio content with the "audio_home_t" label in home directories. But you have your audio content labelled as "user_home_t". So you need to set the label.

```
# chcon -R -t audio_home_t /home/silent/Audio
```

will fix.

Dan,
I will add

```
HOME_DIR/Audio(/.*)? gen_context(system_u:object_r:audio_home_t,s0)
```

(In reply to comment #12)
> Excellent analysis.
>
> SELinux is all about labels. We allow MPD to read audio content with the
> "audio_home_t" label in home directories. But you have your audio content
> labelled as "user_home_t". So you need to set the label.
>
> # chcon -R -t audio_home_t /home/silent/Audio
>
> will fix.
>
>
> Dan,
> I will add
>
> HOME_DIR/Audio(/.*)? gen_context(system_u:object_r:audio_home_t,s0)

I still can't use MPD. SELinux complains about quite a few things, including pulseaudio. I've never used SELinux before, my last distro was Mint.

Could you send me your /var/log/audit/audit.log?

If you are interested

http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
http://danwalsh.livejournal.com/
http://sradvan.fedorapeople.org/SELinux_FAQ/

Sure.
Miroslav what is the standard directory for this? Is this user defined?

Oops, I missed your question. Anyways, you are right, it is not the standard directory. I was thinking about Music dir, which is the standard dir, but the problem is about Audio dir.
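
The label mismatch diagnosed in the thread, as an added example that is not part of the bug report or the selinux-policy source: a simplified Python model of how file-context entries map a path to a type, before and after the `HOME_DIR/Audio(/.*)?` entry is added. The `HOME_DIR/.+` and `HOME_DIR/Music(/.*)?` entries, the expansion of `HOME_DIR` to `/home/[^/]+`, and the last-match-wins ordering are assumptions of this model.

```python
import re

# Constructed file-context excerpt modelled on the thread. The HOME_DIR/Audio
# line is the one proposed in the thread; the other two are assumed entries.
FC_BEFORE = """\
HOME_DIR/.+            gen_context(system_u:object_r:user_home_t,s0)
HOME_DIR/Music(/.*)?   gen_context(system_u:object_r:audio_home_t,s0)
"""
FC_AFTER = FC_BEFORE + \
    "HOME_DIR/Audio(/.*)?   gen_context(system_u:object_r:audio_home_t,s0)\n"


def parse_fc(text, home_root=r"/home/[^/]+"):
    """Parse .fc lines into (path regex, SELinux type) pairs."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ctx = re.search(r"gen_context\(([^,]+),", fields[-1])
        if ctx is None:
            raise ValueError(f"no gen_context() in: {line!r}")
        # HOME_DIR is a template; here it stands for any directory under /home.
        pattern = fields[0].replace("HOME_DIR", home_root)
        entries.append((re.compile(pattern), ctx.group(1).split(":")[2]))
    return entries


def expected_type(path, entries):
    """Type the policy assigns to path: the last full-path match wins."""
    for regex, seltype in reversed(entries):
        if regex.fullmatch(path):
            return seltype
    return None


def needs_relabel(path, on_disk_type, entries):
    """True when the label on disk differs from what the policy specifies."""
    return expected_type(path, entries) != on_disk_type


if __name__ == "__main__":
    for name, fc in (("before", FC_BEFORE), ("after", FC_AFTER)):
        entries = parse_fc(fc)
        for p in ("/home/wlan/Music", "/home/silent/Audio",
                  "/home/silent/Audio/a.ogg", "/home/silent/Audiobooks"):
            print(name, p, expected_type(p, entries))
```

A policy update changes only the expected label; a directory that already exists keeps its on-disk label until it is relabelled, for example with `restorecon -R`.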