Bug 121916 - cd device denied for playing cd as normal user
Summary: cd device denied for playing cd as normal user
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL: http://www.redhat.com/archives/fedora...
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-29 01:30 UTC by Andrew Farris
Modified: 2007-11-30 22:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-30 19:06:55 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Andrew Farris 2004-04-29 01:30:37 UTC
Description of problem:
A normal user is not permitted to play a cd due to incorrect device
context.  The default policy labels the cd device (/dev/hdc in my
case) as fixed_disk_devict_t.  When the device is relabeled as
removable_device_t the cd can be played.

Version-Release number of selected component (if applicable):
policy-1.11.2-18
policy-sources-1.11.2-18

How reproducible:
always

Steps to Reproduce:
1. install default policy
2. fixfiles relabel
3. play cd as normal user (cdp or cdplay)

Actual results:
playing cd is denied with this audit:
Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
ino=66203 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

Expected results:
playing of the cd would be permitted

Additional info:
See the URL for mailing list discussion.

Comment 1 Daniel Walsh 2004-09-15 17:11:15 UTC
Latest policy and udev changes should create the cdrom device with the
correct context.

selinux-policy-strict-1.17.12-1
udev-030-25


Note You need to log in before you can comment on or make changes to this bug.