Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 121916 - cd device denied for playing cd as normal user
cd device denied for playing cd as normal user
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
http://www.redhat.com/archives/fedora...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-04-28 21:30 EDT by Andrew Farris
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-30 14:06:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Andrew Farris 2004-04-28 21:30:37 EDT 
Description of problem:
A normal user is not permitted to play a cd due to incorrect device
context.  The default policy labels the cd device (/dev/hdc in my
case) as fixed_disk_devict_t.  When the device is relabeled as
removable_device_t the cd can be played.

Version-Release number of selected component (if applicable):
policy-1.11.2-18
policy-sources-1.11.2-18

How reproducible:
always

Steps to Reproduce:
1. install default policy
2. fixfiles relabel
3. play cd as normal user (cdp or cdplay)

Actual results:
playing cd is denied with this audit:
Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
ino=66203 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

Expected results:
playing of the cd would be permitted

Additional info:
See the URL for mailing list discussion.
Comment 1 Daniel Walsh 2004-09-15 13:11:15 EDT 
Latest policy and udev changes should create the cdrom device with the
correct context.

selinux-policy-strict-1.17.12-1
udev-030-25
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.