Description of problem: I tried changing volume on mpd SELinux is preventing /usr/bin/pulseaudio from using the 'execmem' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If jeśli pulseaudio powinno mieć domyślnie execmem dostęp do procesów z etykietami mpd_t. Then proszę to zgłosić jako błąd. Można utworzyć lokalny moduł polityki, aby umożliwić ten dostęp. Do można tymczasowo zezwolić na ten dostęp wykonując polecenia: # grep 616C73612D73696E6B2D5553422041 /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp Additional Information: Source Context system_u:system_r:mpd_t:s0 Target Context system_u:system_r:mpd_t:s0 Target Objects [ process ] Source 616C73612D73696E6B2D5553422041 Source Path /usr/bin/pulseaudio Port <Unknown> Host (removed) Source RPM Packages pulseaudio-4.0-9.gitf81e3.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-106.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.12.7-300.fc20.x86_64 #1 SMP Fri Jan 10 15:35:31 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-01-19 20:35:14 CET Last Seen 2014-01-19 20:35:14 CET Local ID 3e298e5a-c831-49d7-8e4f-fe22afe5fcde Raw Audit Messages type=AVC msg=audit(1390160114.277:658): avc: denied { execmem } for pid=29933 comm=616C73612D73696E6B2D5553422041 scontext=system_u:system_r:mpd_t:s0 tcontext=system_u:system_r:mpd_t:s0 tclass=process type=SYSCALL msg=audit(1390160114.277:658): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=10000 a2=7 a3=22 items=0 ppid=1 pid=29933 auid=4294967295 uid=983 gid=980 euid=983 suid=983 fsuid=983 egid=980 sgid=980 fsgid=980 ses=4294967295 tty=(none) comm=616C73612D73696E6B2D5553422041 exe=/usr/bin/pulseaudio subj=system_u:system_r:mpd_t:s0 key=(null) Hash: 616C73612D73696E6B2D5553422041,mpd_t,mpd_t,process,execmem Additional info: reporter: libreport-2.1.11 hashmarkername: setroubleshoot kernel: 3.12.7-300.fc20.x86_64 type: libreport
Does everything work correctly?
(In reply to Miroslav Grepl from comment #1) > Does everything work correctly? No, I doesn't hear the music played by mpd, nor it shows in pavucontrol.
I added commit ded9cbf72658f8ef859a3d62a820bc1c1c437f21 Author: Miroslav Grepl <mgrepl> Date: Mon Jan 20 08:51:04 2014 +0100 Add mpd_execmem boolean You can allow it using # grep mpd_t /var/log/audit/audit.log | audit2allow -M mojapolityka # semodule -i mojapolityka.pp for now.
selinux-policy-3.12.1-119.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-119.fc20
Package selinux-policy-3.12.1-119.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-119.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-1249/selinux-policy-3.12.1-119.fc20 then log in and leave karma (feedback).
selinux-policy-3.12.1-119.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.