Bug 977437
| Summary: | general protection fault + SELinux AVCs when I plug in iPhone 4S | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
| Component: | libgpod | Assignee: | Bastien Nocera <bnocera> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | cfergeau, chkr, ciekawy, nathaniel, pbrobinson |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Last Closed: | 2013-11-05 13:53:30 UTC | Type: | Bug |

```
$ rpm -qf /usr/lib/udev/iphone-set-info
libgpod-0.8.2-9.fc19.x86_64
```

It probably needs updating for the changed API in the unstable releases of libimobiledevice.

```
[tbl@tlondon ~]$ rpm -qf /usr/lib/udev/iphone-set-info
libgpod-0.8.2-9.fc20.x86_64
[tbl@tlondon ~]$
```

This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle. Changing version to '20'.

More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

*** This bug has been marked as a duplicate of bug 951167 ***

Description of problem:

Here is what I see when I plug in an iPhone 4S:

```
Jun 18 07:06:43 tlondon kernel: [ 3654.946228] traps: iphone-set-info[20912] general protection ip:356c40bea6 sp:7fff3a87e450 error:0 in libimobiledevice.so.4.0.1[356c400000+1a000]
```

and /tmp/root/.config/libimobiledevice/libimobiledevicerc seems not a very secure filename/place to be using: perhaps someplace in /run?

Here are the AVCs:

```
SELinux is preventing /usr/lib/udev/iphone-set-info from write access on the directory /tmp/.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that iphone-set-info should be allowed write access on the directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep iphone-set-info /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp/ [ dir ]
Source                        iphone-set-info
Source Path                   /usr/lib/udev/iphone-set-info
Port                          <Unknown>
Host                          tlondon.localhost.org
Source RPM Packages           libgpod-0.8.2-9.fc20.x86_64
Target RPM Packages           filesystem-3.2-13.fc20.x86_64
Policy RPM                    selinux-policy-3.12.1-52.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     tlondon.localhost.org
Platform                      Linux tlondon.localhost.org 3.10.0-0.rc5.git0.2.fc20.x86_64 #1 SMP Tue Jun 11 14:24:36 UTC 2013 x86_64 x86_64
Alert Count                   13
First Seen                    2013-06-18 06:58:31 PDT
Last Seen                     2013-06-18 06:58:31 PDT
Local ID                      7538bd17-79f3-4947-8ca6-8cecb7a96b0e

Raw Audit Messages
type=AVC msg=audit(1371563911.306:174): avc: denied { write } for pid=20155 comm="iphone-set-info" name="/" dev="tmpfs" ino=10501 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1371563911.306:174): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=1fa0530 a1=1ed a2=36f81c2788 a3=7fffc6025210 items=1 ppid=1 pid=20155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=iphone-set-info exe=/usr/lib/udev/iphone-set-info subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
type=CWD msg=audit(1371563911.306:174): cwd=/
type=PATH msg=audit(1371563911.306:174): item=0 name=/tmp/ inode=10501 dev=00:21 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0

Hash: iphone-set-info,udev_t,tmp_t,dir,write
```

Doing the "permissive" thing, I see this too:

```
SELinux is preventing /usr/lib/udev/iphone-set-info from create access on the file /tmp/root/.config/libimobiledevice/.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that iphone-set-info should be allowed create access on the file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep iphone-set-info /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                /tmp/root/.config/libimobiledevice/ [ file ]
Source                        iphone-set-info
Source Path                   /usr/lib/udev/iphone-set-info
Port                          <Unknown>
Host                          tlondon.localhost.org
Source RPM Packages           libgpod-0.8.2-9.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-52.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     tlondon.localhost.org
Platform                      Linux tlondon.localhost.org 3.10.0-0.rc5.git0.2.fc20.x86_64 #1 SMP Tue Jun 11 14:24:36 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-06-18 07:06:41 PDT
Last Seen                     2013-06-18 07:06:41 PDT
Local ID                      0bbde6d3-2695-45a4-9909-11f176483f65

Raw Audit Messages
type=AVC msg=audit(1371564401.477:313): avc: denied { create } for pid=20912 comm="iphone-set-info" name="libimobiledevicerc" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1371564401.477:313): avc: denied { write open } for pid=20912 comm="iphone-set-info" path="/tmp/root/.config/libimobiledevice/libimobiledevicerc" dev="tmpfs" ino=77144 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1371564401.477:313): arch=x86_64 syscall=open success=yes exit=EINTR a0=19e23a0 a1=241 a2=1b6 a3=4444313430304333 items=2 ppid=1 pid=20912 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=iphone-set-info exe=/usr/lib/udev/iphone-set-info subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
type=CWD msg=audit(1371564401.477:313): cwd=/
type=PATH msg=audit(1371564401.477:313): item=0 name=/tmp/root/.config/libimobiledevice/ inode=77143 dev=00:21 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0
type=PATH msg=audit(1371564401.477:313): item=1 name=/tmp/root/.config/libimobiledevice/libimobiledevicerc inode=77144 dev=00:21 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0

Hash: iphone-set-info,udev_t,tmp_t,file,create
```

Version-Release number of selected component (if applicable):
libimobiledevice-1.1.5-1.fc20.x86_64

How reproducible:
every time....

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
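
Added example, not part of the original report or of any project named in it: a small parser for the raw AVC records quoted above. It reduces each denial to the comm, source type, target type, class and permission fields seen in the report's `Hash:` lines and counts denied modifying access to `tmp_t` objects, which is the pattern behind the reporter's remark about the `/tmp` location. The function names, the `WRITE_PERMS` set and the signature layout for multi-permission records are assumptions of this example.

```python
import re
from collections import Counter

# Raw audit records copied from the report above (one record per string).
AUDIT_LINES = [
    'type=AVC msg=audit(1371563911.306:174): avc: denied { write } for pid=20155 '
    'comm="iphone-set-info" name="/" dev="tmpfs" ino=10501 '
    'scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=dir',
    'type=CWD msg=audit(1371563911.306:174): cwd=/',
    'type=AVC msg=audit(1371564401.477:313): avc: denied { create } for pid=20912 '
    'comm="iphone-set-info" name="libimobiledevicerc" '
    'scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=file',
    'type=AVC msg=audit(1371564401.477:313): avc: denied { write open } for pid=20912 '
    'comm="iphone-set-info" path="/tmp/root/.config/libimobiledevice/libimobiledevicerc" '
    'dev="tmpfs" ino=77144 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmp_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption of this example: permissions that modify or create an object.
WRITE_PERMS = {'write', 'create', 'add_name', 'append', 'setattr', 'unlink'}

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record type."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return {
        'comm': kv['comm'],
        # A context is user:role:type:level, so the type is the third field.
        'source_type': kv['scontext'].split(':')[2],
        'target_type': kv['tcontext'].split(':')[2],
        'tclass': kv['tclass'],
        'perms': m.group(1).split(),
        'object': kv.get('path', kv.get('name')),
    }

def signature(rec):
    """comm,source,target,class,perms: the shape of the report's 'Hash:' lines."""
    return ','.join([rec['comm'], rec['source_type'], rec['target_type'],
                     rec['tclass'], *rec['perms']])

def shared_tmp_writes(lines):
    """Count denials where a domain tried to modify a tmp_t object, by signature."""
    recs = filter(None, map(parse_avc, lines))
    return Counter(signature(r) for r in recs
                   if r['target_type'] == 'tmp_t' and WRITE_PERMS & set(r['perms']))

if __name__ == '__main__':
    for sig, count in shared_tmp_writes(AUDIT_LINES).items():
        print(count, sig)
```
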