1055239 – SELinux is preventing /usr/bin/pulseaudio from using the 'execmem' accesses on a process.

Bug 1055239 - SELinux is preventing /usr/bin/pulseaudio from using the 'execmem' accesses on a process.

Summary: SELinux is preventing /usr/bin/pulseaudio from using the 'execmem' accesses o...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	20
Hardware:	x86_64
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	abrt_hash:6811ca131999fed981d8ae8b72d...
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-01-19 19:36 UTC by Cysioland
Modified:	2014-01-23 11:07 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.12.1-119.fc20
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-01-23 11:07:18 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1055240	0	unspecified	CLOSED	[abrt] pulseaudio: orc_code_region_get_free_chunk(): pulseaudio killed by SIGABRT	2021-02-22 00:41:40 UTC

Internal Links: 1055240

Description Cysioland 2014-01-19 19:36:53 UTC

Description of problem:
I tried changing volume on mpd
SELinux is preventing /usr/bin/pulseaudio from using the 'execmem' accesses on a process.

*****  Plugin catchall (100. confidence) suggests   **************************

If jeśli pulseaudio powinno mieć domyślnie execmem dostęp do procesów z etykietami mpd_t.
Then proszę to zgłosić jako błąd.
Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp.
Do
można tymczasowo zezwolić na ten dostęp wykonując polecenia:
# grep 616C73612D73696E6B2D5553422041 /var/log/audit/audit.log | audit2allow -M mojapolityka
# semodule -i mojapolityka.pp

Additional Information:
Source Context                system_u:system_r:mpd_t:s0
Target Context                system_u:system_r:mpd_t:s0
Target Objects                 [ process ]
Source                        616C73612D73696E6B2D5553422041
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           pulseaudio-4.0-9.gitf81e3.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.12.7-300.fc20.x86_64 #1 SMP Fri
                              Jan 10 15:35:31 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-01-19 20:35:14 CET
Last Seen                     2014-01-19 20:35:14 CET
Local ID                      3e298e5a-c831-49d7-8e4f-fe22afe5fcde

Raw Audit Messages
type=AVC msg=audit(1390160114.277:658): avc:  denied  { execmem } for  pid=29933 comm=616C73612D73696E6B2D5553422041 scontext=system_u:system_r:mpd_t:s0 tcontext=system_u:system_r:mpd_t:s0 tclass=process


type=SYSCALL msg=audit(1390160114.277:658): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=7 a3=22 items=0 ppid=1 pid=29933 auid=4294967295 uid=983 gid=980 euid=983 suid=983 fsuid=983 egid=980 sgid=980 fsgid=980 ses=4294967295 tty=(none) comm=616C73612D73696E6B2D5553422041 exe=/usr/bin/pulseaudio subj=system_u:system_r:mpd_t:s0 key=(null)

Hash: 616C73612D73696E6B2D5553422041,mpd_t,mpd_t,process,execmem

Additional info:
reporter:       libreport-2.1.11
hashmarkername: setroubleshoot
kernel:         3.12.7-300.fc20.x86_64
type:           libreport

Comment 1 Miroslav Grepl 2014-01-19 20:55:44 UTC

Does everything work correctly?

Comment 2 Cysioland 2014-01-19 20:58:15 UTC

(In reply to Miroslav Grepl from comment #1)
> Does everything work correctly?

No, I doesn't hear the music played by mpd, nor it shows in pavucontrol.

Comment 3 Miroslav Grepl 2014-01-20 07:52:24 UTC

I added


commit ded9cbf72658f8ef859a3d62a820bc1c1c437f21
Author: Miroslav Grepl <mgrepl>
Date:   Mon Jan 20 08:51:04 2014 +0100

    Add mpd_execmem boolean


You can allow it using

# grep mpd_t /var/log/audit/audit.log | audit2allow -M mojapolityka
# semodule -i mojapolityka.pp

for now.

Comment 4 Fedora Update System 2014-01-20 22:10:34 UTC

selinux-policy-3.12.1-119.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-119.fc20

Comment 5 Fedora Update System 2014-01-22 03:08:28 UTC

Package selinux-policy-3.12.1-119.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-119.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1249/selinux-policy-3.12.1-119.fc20
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2014-01-23 11:07:18 UTC

selinux-policy-3.12.1-119.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.