Bug 120303 - tvtime broken because of policy
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Russell Coker
QA Contact: Ben Levenson
Reported: 2004-04-07 13:08 EDT by lupus
Modified: 2007-11-30 17:10 EST
Fixed In Version: 1.25.4-10.1
Doc Type: Bug Fix
Last Closed: 2005-09-15 11:58:14 EDT


Description lupus 2004-04-07 13:08:24 EDT
Description of problem:

tvtime says it can not use /dev/video0, so it does not work anymore

tvtime needs the right to access /dev/video0 !!!

Version-Release number of selected component (if applicable):
tvtime-0.9.12-5
policy-1.9.2-12

Additional info:

in dmesg:
audit(1081357231.807:0): avc:  denied  { read write } for  pid=2112
exe=/usr/bin/tvtime name=video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

bttv driver has to be modprobed by hand and even then tvtime does not
work. So it's not a driver issue.
Comment 1 Daniel Walsh 2004-04-12 07:31:18 EDT
Fixed in policy-1.11.1-1
Comment 2 lupus 2004-04-21 13:32:12 EDT
audit(1082569152.619:0): avc:  denied  { ioctl } for  pid=2115
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

still broken
Comment 3 Daniel Walsh 2004-04-22 09:33:30 EDT
Ok, could you change it to permissive mode and run the command and
then give us the AVC messages.

Dan
Comment 4 lupus 2004-04-26 13:12:30 EDT
audit(1083000151.939:0): avc:  denied  { read } for  pid=2192
exe=/usr/bin/tvtime name=rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/rtc dev=hda3 ino=184867
scontext=user_u:user_r:user_t
tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { sys_resource } for  pid=2192
exe=/usr/bin/tvtime capability=24 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.939:0): avc:  denied  { setuid } for  pid=2192
exe=/usr/bin/tvtime capability=7 scontext=user_u:user_r:user_t
tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.968:0): avc:  denied  { ioctl } for  pid=2192
exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244
scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t
tclass=chr_file

this is it
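
Comment 3 asks for the AVC messages from a permissive-mode run. The sketch below is an added example, not part of the original bug thread or of the policy package: it merges the denials quoted in the description and in comment 4 into one line per source type, target type and object class, in the spirit of what audit2allow does. The function names are hypothetical.

```python
import re
from collections import defaultdict

# AVC records from the description and comment 4 of this bug,
# with the wrapped lines rejoined into one record per line.
AVC_LOG = """\
audit(1081357231.807:0): avc:  denied  { read write } for  pid=2112 exe=/usr/bin/tvtime name=video0 dev=hda3 ino=190244 scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { read } for  pid=2192 exe=/usr/bin/tvtime name=rtc dev=hda3 ino=184867 scontext=user_u:user_r:user_t tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { ioctl } for  pid=2192 exe=/usr/bin/tvtime path=/dev/rtc dev=hda3 ino=184867 scontext=user_u:user_r:user_t tcontext=system_u:object_r:clock_device_t tclass=chr_file
audit(1083000151.939:0): avc:  denied  { sys_resource } for  pid=2192 exe=/usr/bin/tvtime capability=24 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.939:0): avc:  denied  { setuid } for  pid=2192 exe=/usr/bin/tvtime capability=7 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=capability
audit(1083000151.968:0): avc:  denied  { ioctl } for  pid=2192 exe=/usr/bin/tvtime path=/dev/video0 dev=hda3 ino=190244 scontext=user_u:user_r:user_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

def sel_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log):
    """Merge denials into {(source type, target type, class): permissions}."""
    rules = defaultdict(set)
    for m in AVC_RE.finditer(log):
        perms, scon, tcon, tclass = m.groups()
        src, tgt = sel_type(scon), sel_type(tcon)
        if scon == tcon:  # a process acting on itself, e.g. capabilities
            tgt = "self"
        rules[(src, tgt, tclass)].update(perms.split())
    return dict(rules)

def render(rules):
    """Format the merged denials as allow-rule text for human review."""
    lines = []
    for (src, tgt, tclass), perms in sorted(rules.items()):
        lines.append(f"allow {src} {tgt}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return lines

if __name__ == "__main__":
    print("\n".join(render(summarize(AVC_LOG))))
```

Treat the output as a list of what tvtime asked for, not as policy to load: a rule on user_t applies to every process in that domain, and the two capability permissions are requests by the process on itself rather than device access.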
Comment 5 David Balažic 2004-06-15 03:21:09 EDT
Here is what I get on my vanilla FC2 installation:

tvtime can not access /dev/rtc and /dev/video0:

[stein@localhost stein]$ tvtime
Running tvtime 0.9.12.
rtctimer: Cannot open /dev/rtc: Permission denied
rtctimer: Cannot open /dev/misc/rtc: No such file or directory
 
    Enhanced Real Time Clock support in your kernel is necessary for
    smooth video.  We strongly recommend that you load the 'rtc' kernel
    module before starting tvtime, and make sure that your user has
    access to the device file (/dev/rtc or /dev/misc/rtc).  See our
    support page at http://tvtime.net/ for more information.
 
Reading configuration from /etc/tvtime/tvtime.xml
Reading configuration from /home/stein/.tvtime/tvtime.xml
videoinput: Cannot open capture device /dev/video0: Permission denied
Thank you for using tvtime.
[stein@localhost stein]$ rpm -q tvtime
tvtime-0.9.12-5
Comment 6 Daniel Walsh 2004-09-29 16:59:42 EDT
Added new tvtime policy selinux-policy-strict-1.17.24-3
