Description of problem: Failure to access ttyUSB0 out of the box. SELinux is preventing smsd from read, write access on the chr_file ttyUSB0. ***** Plugin catchall (100. confidence) suggests ************************** If sie denken, dass es smsd standardmässig erlaubt sein sollte, read write Zugriff auf ttyUSB0 chr_file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep smsd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:smsd_t:s0 Target Context system_u:object_r:usbtty_device_t:s0 Target Objects ttyUSB0 [ chr_file ] Source smsd Source Path smsd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.6.fc22.noarch selinux- policy-3.13.1-128.8.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.1.2-200.fc22.x86_64 #1 SMP Wed Jul 15 20:12:12 UTC 2015 x86_64 x86_64 Alert Count 2 First Seen 2015-08-05 14:09:25 CEST Last Seen 2015-08-05 14:09:55 CEST Local ID 51df2507-ac3f-456c-b1ac-f767a23e9561 Raw Audit Messages type=AVC msg=audit(1438776595.234:732): avc: denied { read write } for pid=1068 comm="smsd" name="ttyUSB0" dev="devtmpfs" ino=12722607 scontext=system_u:system_r:smsd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file permissive=0 Hash: smsd,smsd_t,usbtty_device_t,chr_file,read,write Version-Release number of selected component: selinux-policy-3.13.1-128.6.fc22.noarch selinux-policy-3.13.1-128.8.fc22.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.1.2-200.fc22.x86_64 type: libreport
I fixed it with: <<<<<<<<<<<<<< module smsd_accesses_ttyUSB0 1.0; require { type usbtty_device_t; type smsd_t; class chr_file { read write ioctl open }; } #============= smsd_t ============== allow smsd_t usbtty_device_t:chr_file ioctl; #!!!! This avc is allowed in the current policy allow smsd_t usbtty_device_t:chr_file { read write open }; >>>>>>>>>>>>>
commit 36e088ba8f630a2662365f166dc4953d9b1cf17c Author: Lukas Vrabec <lvrabec> Date: Sat Aug 22 18:43:53 2015 +0200 Allow smsd use usb ttys. BZ(#1250536)
selinux-policy-3.13.1-128.12.fc22 has been submitted as an update to Fedora 22. https://bugzilla.redhat.com/show_bug.cgi?id=1250536
selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14076
selinux-policy-3.13.1-128.12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.