Bug 121916 - cd device denied for playing cd as normal user
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
URL: http://www.redhat.com/archives/fedora...
Reported: 2004-04-28 21:30 EDT by Andrew Farris
Modified: 2007-11-30 17:10 EST
Last Closed: 2004-11-30 14:06:55 EST
Description Andrew Farris 2004-04-28 21:30:37 EDT
Description of problem:
A normal user is not permitted to play a cd due to incorrect device
context.  The default policy labels the cd device (/dev/hdc in my
case) as fixed_disk_device_t.  When the device is relabeled as
removable_device_t the cd can be played.

Version-Release number of selected component (if applicable):
policy-1.11.2-18
policy-sources-1.11.2-18

How reproducible:
always

Steps to Reproduce:
1. install default policy
2. fixfiles relabel
3. play cd as normal user (cdp or cdplay)

Actual results:
playing cd is denied with this audit:
Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
ino=66203 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file

Expected results:
playing of the cd would be permitted

Additional info:
See the URL for mailing list discussion.
Comment 1 Daniel Walsh 2004-09-15 13:11:15 EDT
Latest policy and udev changes should create the cdrom device with the
correct context.

selinux-policy-strict-1.17.12-1
udev-030-25
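
The denial quoted in the description, parsed field by field and checked against the label the reporter says works. This is an added example, not part of the original bug report or of the policy package; the function names and the expected-label mapping passed to `diagnose` are assumptions of the example.

```python
import re

# The AVC record from the bug description, rejoined onto one line.
SAMPLE = ("Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc: "
          "denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8 "
          "ino=66203 scontext=user_u:user_r:user_t "
          "tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file")

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Split one AVC record into its result, permissions and key=value fields."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    # Values in this record contain no spaces, so whitespace splitting is enough.
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    # A context is user:role:type; the type is the third colon-separated field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def diagnose(line, expected_types):
    """Flag a denial whose target carries a different type than expected.

    expected_types maps (path, class) to the type the object should have;
    it is supplied by the caller and is an assumption of this example.
    """
    rec = parse_avc(line)
    if rec is None or rec["result"] != "denied":
        return None
    want = expected_types.get((rec.get("path"), rec.get("tclass")))
    return {"domain": rec["source_type"], "object": rec.get("path"),
            "class": rec.get("tclass"), "perms": rec["perms"],
            "actual_type": rec["target_type"], "expected_type": want,
            "mislabeled": want is not None and want != rec["target_type"]}


if __name__ == "__main__":
    print(diagnose(SAMPLE, {("/dev/hdc", "blk_file"): "removable_device_t"}))
```

A `mislabeled` result points at fixing the object's label, as was done here, rather than widening what `user_t` may do to fixed disks.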
