| Summary: | avc: denied { read } for pid=823 comm="alsactl" name="controlC1" dev=devtmpfs | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jan Pazdziora <jpazdziora> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | bpeck, dcallagh, dwalsh, mcsontos, mgrepl, rmancy, stl |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-03-11 15:32:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This is not a bug in harness nor test: there is an AVC error and test properly reports it. I am against hiding genuine AVC errors. All we can do is to take AVC_ERROR into account in sysinfo sub-test. Please, report a bug against component which causes the problem too, please. OK, thanks, flipping to RHEL 6 selinux-policy. # audit2allow
type=1400 audit(1299591440.975:4): avc: denied { read } for pid=823 comm="alsactl" name="controlC1" dev=devtmpfs ino=10736 scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
#============= alsa_t ==============
allow alsa_t device_t:chr_file read;
# find /dev -inum 10736
/dev/snd/controlC1
#
/dev/snd/controlC1 did not get the right label during install matchpathcon /dev/snd/controlC1 /dev/snd/controlC1 system_u:object_r:sound_device_t:s0 How is the device labeled now? ls -Z /dev/snd/controlC1 (In reply to comment #7) > How is the device labeled now? > > ls -Z /dev/snd/controlC1 # ls -Z /dev/snd/controlC1 crw-rw----. root audio system_u:object_r:sound_device_t:s0 /dev/snd/controlC1 |
Description of problem: When installing RHEL 6 on some systems, I get failed ./Sysinfo in /distribution/install because of AVC denial: ******** SElinux AVC Failures ******** type=1400 audit(1299591440.975:4): avc: denied { read } for pid=823 comm="alsactl" name="controlC1" dev=devtmpfs ino=10736 scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file ***** Potential Issues install.log ***** Version-Release number of selected component (if applicable): Not really sure -- whatever is installed as of yesterday. How reproducible: Seen a couple of time, not deterministic thou. Steps to Reproduce: 1. Install RHEL 6. 2. Check the result of /distribution/install Actual results: Fail. Expected results: Pass. Additional info: