From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809

Description of problem:
Using the first release candidate for FC3T2, I tried to right click on an iso file for the second release candidate. Much to my dismay, it kept asking for a CD from a dialog box that kept popping up repeatedly. A blank CD was already inserted in the drive and the burn:/// nautilus window was launched automatically and closed by me, when it popped up. I tried the cd program in both of the different bays that I have. Both of the drives had the same symptom. This was tried with SELinux at the default install setting, targeted/enforcing, if this might be an influencing factor. I have successfully installed the isos from the hard disk. I ended up successfully burning a disc using k3b as root. This was a boot.iso file for release candidate 2 for FC3T2.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. launch nautilus and navigate to iso files
2. right click on write to CD file
3. try to burn iso image

Actual Results: All steps up to the dialog box popping up and asking for a disc to be entered completed normally.

Expected Results: I expected a disc to be successfully burned as FC2 does.

Additional info: I did not try with deactivating SELinux or as root. The program might work as root, but was never launched as root.
Created attachment 103707
This is var/log/messages grepped for avc errors

Should this be reassigned to selinux-policy-targeted-1.17.11-2?
All my prior comments were lost. Situation: as root, a CD can be burned by opening a nautilus browser, navigating to the iso file and right clicking on the file. Also, I tried to launch as a regular user and got the described problem. I then turned off selinux enforcing with setenforce 0. I clicked on the popup box and it burned a CD as desired. I have selinux-policy-targeted-1.17.11-2 installed currently.
Hmm. This is a permissions issue. We lack the permissions to do something, and it results in n-c-b thinking there is no disk in the drive. If you chmod a+rwx the cdrom device node, things work. Need to look into what's causing this and how to let the console owner have write rights.
(This is without selinux)
The way this used to work was kudzu creating /dev/cdwriter, and pam_console giving the console user rights to it through console.perms. However, with udev etc, this is not happening right now.
Oh, you need the latest udev, it has the cdrom enumeration code. Then reboot or run udevstart and this should work.
I ran udevstart as normal user and got this failure in dmesg. I tried running udevstart again, as root, and got the similar error.

kjournald starting. Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev sda1, type ext3), uses xattr
cdrom: This disc doesn't have any tracks I recognize!

For /var/log/messages, I'll attach the messages as an attachment.
Created attachment 103835
user ran udevstart fail -root fail also.

This is with selinux still active. I got the same dialog box again and again. I have udev-030-24 installed.
This seems to work after running udevstart, then rebooting. I could not get any positive results until a clean reboot.

dmesg
cdrom: This disc doesn't have any tracks I recognize!

I guess this indicates recognition and a blank CD in the unit.

Sep 14 18:14:00 cornette-hda kernel: cdrom: This disc doesn't have any tracks I recognize!

Thanks!
I'm not sure as to what to mark bug resolution as. udev-030-24 is installed. The n-c-b program did not work with the same version installed as booted until udevstart was run and the system was rebooted. Is this supposed to be run as root or regular user? I ran it once as user and once as root before rebooting and testing again. This system was a clean installation using RC1 for FC3T2 and was upgraded from rawhide to current level reflecting the rawhide mix. I picked rawhide, but think that running the udevstart utility was needed to get things into a working state.
udevstart is run automatically on bootup.
Summary: SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t.

Detailed Description: SELinux denied access requested by ntpd. It is not expected that this access is required by ntpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context unconfined_u:system_r:ntpd_t:s0
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects socket [ unix_stream_socket ]
Source ntpd
Source Path /usr/sbin/ntpd
Port <Unknown>
Host entertain.hiker.cn
Source RPM Packages ntp-4.2.4p5-2.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-18.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name entertain.hiker.cn
Platform Linux entertain.hiker.cn 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64
Alert Count 1
First Seen Fri 30 Jan 2009 08:01:18 PM HKT
Last Seen Fri 30 Jan 2009 08:05:06 PM HKT
Local ID f622a4c1-219f-4fea-b115-67fabd7d25df
Line Numbers

Raw Audit Messages

node=entertain.hiker.cn type=AVC msg=audit(1233317106.72:31): avc: denied { read write } for pid=3805 comm="ntpd" path="socket:[19855]" dev=sockfs ino=19855 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=entertain.hiker.cn type=SYSCALL msg=audit(1233317106.72:31): arch=c000003e syscall=59 success=yes exit=0 a0=1e1e480 a1=1e1d310 a2=1e1ec60 a3=7fffac43ff40 items=0 ppid=3804 pid=3805 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
I don't know if this is the right time or place for this because I am new at this stuff, but selinux is interfering with the HPLIP driver for my HP Laserjet 5200. The troubleshooter gives some specific changes to make to deal with this problem (generating a local policy module), but it also says "please report" so here is what is going on:

Additional Information

Source Context: system_u:system_r:hplip_t:s0
Target Context: system_u:object_r:security_t:s0
Target Objects: mls [ file ]
Source: python
Source Path: /usr/bin/python
Port: <Unknown>
Host: server
Source RPM Packages: python-2.6-9.fc11
Target RPM Packages:
Policy RPM: selinux-policy-3.6.12-53.fc11
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: server
Platform: Linux server 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686
Alert Count: 2
First Seen: Mon 06 Jul 2009 06:30:17 PM MST
Last Seen: Mon 06 Jul 2009 06:30:19 PM MST
Local ID: 19ed836a-0e62-464a-bb85-dedcf6278552
Line Numbers:

Raw Audit Messages :

node=server type=AVC msg=audit(1246930219.663:10): avc: denied { read } for pid=1712 comm="python" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file

node=server type=SYSCALL msg=audit(1246930219.663:10): arch=40000003 syscall=5 success=no exit=-13 a0=bfa0f288 a1=8000 a2=0 a3=bfa0f288 items=0 ppid=1512 pid=1712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null)
Summary: SELinux is preventing pmap_set (portmap_helper_t) "read" to inotify (inotifyfs_t).

Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by pmap_set. It is not expected that this access is required by pmap_set and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for inotify, restorecon -v 'inotify' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context root:system_r:portmap_helper_t
Target Context system_u:object_r:inotifyfs_t
Target Objects inotify [ dir ]
Source pmap_dump
Source Path /usr/sbin/pmap_dump
Port <Unknown>
Host www.******.com
Source RPM Packages portmap-4.0-65.2.2.1
Target RPM Packages
Policy RPM selinux-policy-2.4.6-327.el5
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name catchall_file
Host Name www.******.com
Platform Linux www.********.com 2.6.18-308.24.1.el5PAE #1 SMP Tue Dec 4 18:28:32 EST 2012 i686 athlon
Alert Count 2
First Seen Mon 14 Jan 2013 02:05:09 PM PST
Last Seen Mon 14 Jan 2013 02:05:10 PM PST
Local ID a4fa9428-78a2-464f-a13d-7959a6715910
Line Numbers

Raw Audit Messages

host=www.*******.com type=AVC msg=audit(1358201110.78:26): avc: denied { read } for pid=4136 comm="pmap_set" path="inotify" dev=inotifyfs ino=409 scontext=root:system_r:portmap_helper_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

host=www.couch-potato-sales.com type=SYSCALL msg=audit(1358201110.78:26): arch=40000003 syscall=11 success=yes exit=0 a0=9ceffb0 a1=9cf0048 a2=9cf0248 a3=0 items=0 ppid=4117 pid=4136 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pmap_set" exe="/usr/sbin/pmap_set" subj=root:system_r:portmap_helper_t:s0 key=(null)
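The raw audit messages in the reports above come in pairs: an AVC record and a SYSCALL record sharing one `msg=audit(timestamp:serial)` event ID. The following is an added example, not part of the original thread or of any SELinux tool: a small parser that joins each pair and reduces it to source type, target type, class, permissions, and whether the system call actually failed. The function names `sel_type` and `correlate` are this example's own, and the sample records are copied from the ntpd and HPLIP reports on this page.

```python
import re
from collections import defaultdict

# Audit records copied from this page's ntpd and HPLIP reports (SYSCALL lines trimmed).
SAMPLE = """\
node=entertain.hiker.cn type=AVC msg=audit(1233317106.72:31): avc: denied { read write } for pid=3805 comm="ntpd" path="socket:[19855]" dev=sockfs ino=19855 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
node=entertain.hiker.cn type=SYSCALL msg=audit(1233317106.72:31): arch=c000003e syscall=59 success=yes exit=0 ppid=3804 pid=3805 comm="ntpd" exe="/usr/sbin/ntpd"
node=server type=AVC msg=audit(1246930219.663:10): avc: denied { read } for pid=1712 comm="python" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file
node=server type=SYSCALL msg=audit(1246930219.663:10): arch=40000003 syscall=5 success=no exit=-13 ppid=1512 pid=1712 comm="python" exe="/usr/bin/python"
"""

HEAD = re.compile(r'^(.*?)type=(\w+) msg=audit\(([\d.]+:\d+)\):')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def sel_type(context):
    # user:role:type[:level]; an MLS level can itself contain ':' (s0-s0:c0.c1023)
    return context.split(':', 3)[2]

def correlate(text):
    """Join each AVC denial with the SYSCALL record sharing its event ID."""
    events = defaultdict(dict)
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        origin, rtype, event_id = head.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(line[head.end():])}
        perms = PERMS.search(line)
        if rtype == 'AVC' and perms:
            fields['perms'] = perms.group(1).split()
        # Key on the node/host prefix too: serial numbers are only unique per host.
        events[(origin.strip(), event_id)][rtype] = fields
    findings = []
    for recs in events.values():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if not avc or 'perms' not in avc:
            continue
        findings.append({
            'source': sel_type(avc['scontext']),
            'target': sel_type(avc['tcontext']),
            'tclass': avc['tclass'],
            'perms': avc['perms'],
            'exe': sc.get('exe'),
            'syscall': sc.get('syscall'),
            # success=no: the call itself failed (exit=-13 is EACCES on Linux)
            'syscall_failed': sc.get('success') == 'no',
        })
    return findings
```

On these records the HPLIP denial shows a failed call, while the ntpd denial was logged although its system call returned success.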