Bug 120303 - tvtime broken because of policy
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Russell Coker
QA Contact: Ben Levenson
Reported: 2004-04-07 17:08 UTC by lupus
Modified: 2007-11-30 22:10 UTC

Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Last Closed: 2005-09-15 15:58:14 UTC

Description lupus 2004-04-07 17:08:24 UTC
Description of problem:

tvtime says it can not use /dev/video0, so it does not work anymore

tvtime needs the right to access /dev/video0 !!!

Version-Release number of selected component (if applicable):
tvtime-0.9.12-5
policy-1.9.2-12

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

in dmesg:
audit(1081357231.807:0): avc:  denied  { read write } for  pid=2112
exe=/usr/bin/tvtime name=video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

bttv driver has to be modprobed by hand and even then tvtime does not
work. So it's not a driver issue.

Comment 1 Daniel Walsh 2004-04-12 11:31:18 UTC
Fixed in policy-1.11.1-1

Comment 2 lupus 2004-04-21 17:32:12 UTC
audit(1082569152.619:0): avc:  denied  { ioctl } for  pid=2115
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

still broken

Comment 3 Daniel Walsh 2004-04-22 13:33:30 UTC
Ok, could you change it to permissive mode and run the command and
then give us the AVC messages.

Dan

Comment 4 lupus 2004-04-26 17:12:30 UTC
audit(1083000151.939:0): avc:  denied  { read } for  pid=2192
exe=/usr/bin/tvtime name=rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { sys_resource } for  pid=2192
exe=/usr/bin/tvtime capability=24 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.939:0): avc:  denied  { setuid } for  pid=2192
exe=/usr/bin/tvtime capability=7 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.968:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

this is it
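
Added example, not part of the original report or of the Fedora policy: a small parser that regroups the wrapped AVC denials from comment 4 into the candidate allow rules a policy author would review, similar in spirit to audit2allow. The function names are hypothetical, and treating a matching source and target type as `self` is a simplifying assumption. Denials logged in permissive mode show everything the program attempted (here including `setuid` and `sys_resource`), so the output is a review list rather than policy to load as-is.

```python
import re
from collections import defaultdict

# Denials copied from comment 4, wrapped the way they appear in the report.
SAMPLE = """\
audit(1083000151.939:0): avc:  denied  { read } for  pid=2192
exe=/usr/bin/tvtime name=rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { sys_resource } for  pid=2192
exe=/usr/bin/tvtime capability=24 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.939:0): avc:  denied  { setuid } for  pid=2192
exe=/usr/bin/tvtime capability=7 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.968:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", re.S)

def parse_avc(text):
    """Yield one dict per denial; a record may be wrapped over several lines."""
    for chunk in re.split(r"(?=audit\()", text):  # each record starts at "audit("
        m = AVC_RE.search(chunk)
        if m:
            fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            fields["perms"] = m.group(1).split()
            yield fields

def summarize(text):
    """Merge denied permissions per (source type, target type, class)."""
    rules = defaultdict(set)
    for rec in parse_avc(text):
        src = rec["scontext"].split(":")[2]  # user:role:type -> type
        tgt = rec["tcontext"].split(":")[2]
        rules[(src, "self" if tgt == src else tgt, rec["tclass"])].update(rec["perms"])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```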

Comment 5 David Balažic 2004-06-15 07:21:09 UTC
Here is what I get on my vanilla FC2 installation:

tvtime can not access /dev/rtc and /dev/video0:

[stein@localhost stein]$ tvtime
Running tvtime 0.9.12.
rtctimer: Cannot open /dev/rtc: Permission denied
rtctimer: Cannot open /dev/misc/rtc: No such file or directory
 
    Enhanced Real Time Clock support in your kernel is necessary for
    smooth video.  We strongly recommend that you load the 'rtc' kernel
    module before starting tvtime, and make sure that your user has
    access to the device file (/dev/rtc or /dev/misc/rtc).  See our
    support page at http://tvtime.net/ for more information.
 
Reading configuration from /etc/tvtime/tvtime.xml
Reading configuration from /home/stein/.tvtime/tvtime.xml
videoinput: Cannot open capture device /dev/video0: Permission denied
Thank you for using tvtime.
[stein@localhost stein]$ rpm -q tvtime
tvtime-0.9.12-5

Comment 6 Daniel Walsh 2004-09-29 20:59:42 UTC
Added new tvtime policy selinux-policy-strict-1.17.24-3