Description of problem: I have a Treo 600 Palm OS 5.2 pda, cell phone, OGG/MP3/WMA player, mobile email, and mobile ssh client. When I plug it in, it shows up at /dev/usb/ttyUSB1 Many of the binaries from the pilot-link package want to read and write to that character device file. For sure the pilot-xfer utility. For example, audit(1082445673.351:0): avc: denied { read write } for pid=3647 exe=/usr/bin/pilot-xfer name=ttyUSB1 dev=hda8 ino=1210304 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t tclass=chr_file Additionally, I need to sync Evolution's calendar and address book with my Treo. Evolution uses gnome-pilot and it's gpilotd daemon to communicate with Palm devices. Currently this results in failure with the following avc message: audit(1082445978.961:0): avc: denied { read write } for pid=3735 exe=/usr/libexec/gpilotd name=ttyUSB1 dev=hda8 ino=1210304 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t tclass=chr_file
Change devices to usbtty_device_t and allowed users to r/w them. Fixed in policy-1.11.2-18. Requires you restorecon /dev/usb/*tty* After policy upgrade.
I was able to test this last night. You also need to allow 'getattr'. audit(1082998593.843:0): avc: denied { getattr } for pid=2983 exe=/usr/bin/pilot-xfer path=/dev/usb/ttyUSB1 dev=hda6 ino=700639 scontext=user_u:user_r:user_t tcontext=system_u:object_r:usbtty_device_t tclass=chr_file [dkelson@mentor dkelson]$ ls -al /dev/usb/ ?--------- ? ? ? ? ? auer0 ?--------- ? ? ? ? ? auer1 ?--------- ? ? ? ? ? auer10 [snip] ?--------- ? ? ? ? ? ttyUSB0 ?--------- ? ? ? ? ? ttyUSB1 ?--------- ? ? ? ? ? ttyUSB10 ?--------- ? ? ? ? ? ttyUSB11 [dkelson@mentor dkelson]$ pilot-xfer -p /dev/usb/ttyUSB1 -L Please check the permissions on /dev/usb/ttyUSB1.. Possible solution: chmod 0666 /dev/usb/ttyUSB1 Unable to bind to port: /dev/usb/ttyUSB1 Please use --help for more information
BTW, I suspect that CUPS is now unhappy because of this policy change. When CUPS starts I get: audit(1082997701.658:0): avc: denied { write } for pid=1557 exe=/usr/lib/cups/backend/serial name=ttyUSB6 dev=hda6 ino=700650 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:usbtty_device_t tclass=chr_file audit(1082997701.658:0): avc: denied { write } for pid=1557 exe=/usr/lib/cups/backend/serial name=ttyUSB7 dev=hda6 ino=700651 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:usbtty_device_t tclass=chr_file audit(1082997701.658:0): avc: denied { write } for pid=1557 exe=/usr/lib/cups/backend/serial name=ttyUSB8 dev=hda6 ino=700652 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:usbtty_device_t tclass=chr_file
is this fixed now?
yes