Description of problem: When I use brltty with my Esys 40, I view this error. Brltty doesn't stop but this error always reappears. Version-Release number of selected component (if applicable): Brltty : 5.2 BrlAPI Server : 0.6.3 How reproducible: Just enable and start brltty with sudo systemctl enable brltty.service && sudo systemctl start brltty.service. Steps to Reproduce: 1. Enable and start brltty. 2. Use with orca. 3. Actual results: No crash but this allert. Expected results: Additional info: Message from selinux log : SELinux is preventing /usr/bin/brltty from ioctl access on the chr_file /dev/bus/usb/002/004. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que brltty devrait être autorisé à accéder ioctl sur 004 chr_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep brltty /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:brltty_t:s0 Target Context system_u:object_r:usb_device_t:s0 Target Objects /dev/bus/usb/002/004 [ chr_file ] Source brltty Source Path /usr/bin/brltty Port <Unknown> Host host.local Source RPM Packages brltty-5.2-1.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-105.1.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name host.local Platform Linux host.local 3.18.5-201.fc21.x86_64 #1 SMP Mon Feb 2 21:00:58 UTC 2015 x86_64 x86_64 Alert Count 21 First Seen 2015-02-07 11:13:45 CET Last Seen 2015-02-07 14:27:00 CET Local ID ce120dd7-f0f7-43bf-a52f-405e9d8cc5ad Raw Audit Messages type=AVC msg=audit(1423315620.838:2624): avc: denied { ioctl } for pid=759 comm="brltty" path="/dev/bus/usb/002/004" dev="devtmpfs" ino=9922 scontext=system_u:system_r:brltty_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=1 type=SYSCALL msg=audit(1423315620.838:2624): arch=x86_64 syscall=ioctl success=yes exit=0 a0=a a1=8038550a a2=efe680 a3=c items=0 ppid=1 pid=759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=brltty exe=/usr/bin/brltty subj=system_u:system_r:brltty_t:s0 key=(null) Hash: brltty,brltty_t,usb_device_t,chr_file,ioctl
I think it needs selinux rule, reassigning.
commit bc59934cf1049c5953a3ac1ee2f76dcc055f07cf Author: Lukas Vrabec <lvrabec> Date: Tue Feb 10 13:55:10 2015 +0100 Allow brltty ioctl on usb_device_t. BZ(1190349)
selinux-policy-3.13.1-105.5.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.5.fc21
Package selinux-policy-3.13.1-105.5.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.5.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-2733/selinux-policy-3.13.1-105.5.fc21 then log in and leave karma (feedback).
I'm testing, but I had an others errors : "SELinux is preventing /usr/bin/brltty from ioctl access on the chr_file /dev/uinput. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que brltty devrait être autorisé à accéder ioctl sur uinput chr_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep brltty /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:brltty_t:s0 Target Context system_u:object_r:event_device_t:s0 Target Objects /dev/uinput [ chr_file ] Source brltty Source Path /usr/bin/brltty Port <Unknown> Host host.local Source RPM Packages brltty-5.2-1.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-105.5.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name host.local Platform Linux host.local 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-02-27 12:24:00 CET Last Seen 2015-02-27 12:24:00 CET Local ID 8e0bdd65-c533-47ca-98d4-9d3bda08b134 Raw Audit Messages type=AVC msg=audit(1425036240.75:138705): avc: denied { ioctl } for pid=15302 comm="brltty" path="/dev/uinput" dev="devtmpfs" ino=11932 scontext=system_u:system_r:brltty_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=1 type=SYSCALL msg=audit(1425036240.75:138705): arch=x86_64 syscall=ioctl success=yes exit=0 a0=14 a1=4008556c a2=7fff98e73d50 a3=0 items=0 ppid=1 pid=15302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=brltty exe=/usr/bin/brltty subj=system_u:system_r:brltty_t:s0 key=(null) Hash: brltty,brltty_t,event_device_t,chr_file,ioctl " "SELinux is preventing /usr/bin/brltty from write access on the chr_file uinput. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que brltty devrait être autorisé à accéder write sur uinput chr_file par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep brltty /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:brltty_t:s0 Target Context system_u:object_r:event_device_t:s0 Target Objects uinput [ chr_file ] Source brltty Source Path /usr/bin/brltty Port <Unknown> Host host.local Source RPM Packages brltty-5.2-1.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-105.5.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name host.local Platform Linux host.local 3.18.7-200.fc21.x86_64 #1 SMP Wed Feb 11 21:53:17 UTC 2015 x86_64 x86_64 Alert Count 1 First Seen 2015-02-27 12:24:00 CET Last Seen 2015-02-27 12:24:00 CET Local ID 688a67d9-29d1-44c8-b017-466e1064735a Raw Audit Messages type=AVC msg=audit(1425036240.75:138703): avc: denied { write } for pid=15302 comm="brltty" name="uinput" dev="devtmpfs" ino=11932 scontext=system_u:system_r:brltty_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=1 type=AVC msg=audit(1425036240.75:138703): avc: denied { open } for pid=15302 comm="brltty" path="/dev/uinput" dev="devtmpfs" ino=11932 scontext=system_u:system_r:brltty_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file permissive=1 type=SYSCALL msg=audit(1425036240.75:138703): arch=x86_64 syscall=open success=yes exit=ENOTDIR a0=8bd040 a1=1 a2=1 a3=20 items=0 ppid=1 pid=15302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=brltty exe=/usr/bin/brltty subj=system_u:system_r:brltty_t:s0 key=(null) Hash: brltty,brltty_t,event_device_t,chr_file,write " Thanks.
Hi, This is also needed?
Hi, I don't know, I think it's may be for accessing to the braille keyboard (but I don't use it). I'm just a user of brltty, I don't know if brltty has realy need it. Is there are a brltty developper around?
(In reply to Lukas Vrabec from comment #6) > Hi, > This is also needed? The uinput interface is used for input events injection, so brltty also needs R/W access to /dev/uinput. Also if uinput kernel module is not loaded (afaik it is the default in Fedora) it tries to modprobe it itself.
Thank you Jaroslav, I'll add rules.
commit e9cd25c954769046f005824513bea68038d7f7b2 Author: Lukas Vrabec <lvrabec> Date: Fri Feb 27 17:21:51 2015 +0100 Allow brltty rw event device. BZ(1190349)
selinux-policy-3.13.1-105.6.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.6.fc21
Package selinux-policy-3.13.1-105.6.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.6.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3476/selinux-policy-3.13.1-105.6.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.6.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Now, i have an other error (when I started Orca) : "SELinux is preventing /usr/bin/brltty (deleted) from accept access on the tcp_socket port None."
(In reply to Anthony Poncet from comment #14) > Now, i have an other error (when I started Orca) : > "SELinux is preventing /usr/bin/brltty (deleted) from accept access on the > tcp_socket port None." Strange, could you try restart brltty?
I restart brltty and orca, and this message appear when I restarted or started Orca. (When orca connecting to brltty).
If you can reproduce it, please open separate bugzilla.