Red Hat Bugzilla – Bug 1015910
selinux with confined users (staff_u) does not allow audio
Last modified: 2013-10-07 20:18:19 EDT
Created attachment 808583 [details]
raw avc denials
Description of problem: Selinux is preventing staff_u from using audio.
Version-Release number of selected component (if applicable): I found the problem with aucacuious
Steps to Reproduce:
1. selinux enabled
2. confine user(s) as staff_u
3. attempt to run audacity
Actual results: Audacity does not run
Expected results: Audacity runs and I can play music files
Attaching raw avc denials
module myaudacious 1.0;
class unix_stream_socket connectto;
#============= staff_t ==============
allow staff_t unconfined_t:unix_stream_socket connectto;
note: user_u do not have this problem, only staff_u
No it would not work either. The problem here is the audio server is running as unconfined_t. Did you start it outside of the service script?
I believe this problem happens if you switch from unconfined_u to staff_u.
Thank you both for looking at this report.
I installed Fedora 20 (alpha) and confined my users (user_u and one staff_u).
It is the xcfe spin and the audio server was started automatically, I believe at log in.
At any rate, no, I did not start the server manually.
user_u can use audio without any problem.
only staff_u had a problem with the audio server.
bodhi. Bottom line, if you switched to staff_u and then rebooted it would not have happened. Perhaps you had a left over process running as unconfined_t (Pulseaudio?) that staff_t was trying to communicate with.
Thank you once again for your patience Daniel, rebooting indeed resolved the issue.