Bug 132225 - nautlus-cd asking for disc insertion repeatadly
nautlus-cd asking for disc insertion repeatadly
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nautilus-cd-burner (Show other bugs)
3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Alexander Larsson
:
Depends On:
Blocks: FC3Target
  Show dependency treegraph
 
Reported: 2004-09-09 19:55 EDT by Jim Cornette
Modified: 2015-05-28 12:05 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-14 18:28:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
This is var/log/messages grepped for avc errors (19.41 KB, text/plain)
2004-09-10 18:27 EDT, Jim Cornette
no flags Details
user ran udevstart fail -root fail also. (855.84 KB, text/plain)
2004-09-14 12:54 EDT, Jim Cornette
no flags Details

  None (edit)
Description Jim Cornette 2004-09-09 19:55:27 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Gecko/20040809

Description of problem:
Using the first release candidate for FC3T2, I tried to right click on
an iso file for the second release candidate. Much to my dismay, it
kept asking for a CD from a dialog box that kept popping up
repeatadly. A blank CD was already inserted in the drive and the
burn:/// nautilus window was launched automaticaly and closed by me,
when it popped up.

I tried the cd program in both of the different bays that I have. Both
of the drives had the same symptom. This was tried with SELinux at the
default install setting. targeted/enforcing if this might be an
influencing factor.

I have successfully installed the isos from the hard disk. I ended up
successfully burning a disc using k3b as root. This was a boot.iso
file for release candidate 2 for FC3T2.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. launch nautilus and navigate to iso files
2. right click on write to CD file
3. try to burn iso image
    

Actual Results:  All steps up to the dialog box popping up and asking
for a disc to be entered completed normally.

Expected Results:  I expected a disc to be successfully burned as in
FC2 does.

Additional info:

I did not try with deactivating SELinux or as root. The program might
work as root, but never launched as root.
Comment 1 Jim Cornette 2004-09-10 18:27:30 EDT
Created attachment 103707 [details]
This is var/log/messages grepped for avc errors

Should this be reassigned to selinux-policy-targeted-1.17.11-2 ?
Comment 2 Jim Cornette 2004-09-10 18:33:32 EDT
All my prior comments were lost.

Situation, as root, a CD can be burned by opening a nautilus browser,
navigating to the iso file and right clicking on the file.

Also, I tried to launch as a regular user and got the described problem.
I then turned off selinux enforcing with setenforce 0

I clicked on the popup box and it burned a CD as desired.

I have selinux-policy-targeted-1.17.11-2 installed currently.
Comment 3 Alexander Larsson 2004-09-14 09:50:03 EDT
Hmm. This is a permissions issue. We lack the permissions to do
something, and it results in n-c-b thinking there is no disk in the
drive. If you chmod a+rwx the cdrom device node things work.

Need to look into whats causing this and how to the console owner have
write rights.
Comment 4 Alexander Larsson 2004-09-14 10:02:46 EDT
(This is without selinux)
Comment 5 Alexander Larsson 2004-09-14 10:15:04 EDT
The way this used to work was kudzu creating /dev/cdwriter, and
pam_console giving the console user rights to it through
console.perms. However, with udev etc, this is not happening right now.
Comment 6 Alexander Larsson 2004-09-14 10:23:57 EDT
Oh, you need the latest udev, it has the cdrom enumeration code. Then
reboot or run udevstart and this should work.
Comment 7 Jim Cornette 2004-09-14 12:51:16 EDT
I ran udevstart as normal user and got this failure in dmesg. I tried
running udevstart again, as root, and got the similar error.

kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev sda1, type ext3), uses xattr
cdrom: This disc doesn't have any tracks I recognize!

for /var/log/messages, I'll attach the messages as an attachment.

Comment 8 Jim Cornette 2004-09-14 12:54:47 EDT
Created attachment 103835 [details]
user ran udevstart fail -root fail  also.

This is with selinux still active. I got the same dialig box again and again. I
have udev-030-24
 installed
Comment 9 Jim Cornette 2004-09-14 18:17:38 EDT
This seems to work after running udevstart, then rebooting. I could
not get any positive results until a clean reboot.

dmesg
cdrom: This disc doesn't have any tracks I recognize!

I guess this indicates recognition and a blank CD in the unit.

Sep 14 18:14:00 cornette-hda kernel: cdrom: This disc doesn't have any
track s I recognize!

Thanks!
Comment 10 Jim Cornette 2004-09-14 18:28:37 EDT
I'm not sure as to what to mark bug resolution as. udev-030-24 is
installed. The n-c-b program did not work with the same version
installed as booted until udevstart was ran and was rebooted.

Is this supposed to be ran as root or regular user? I ran it once as
user and once as root before rebooting and testing again.

This system was a clean installation using RC1 for FC3T2 and was
upgraded from rawhide to current level reflecting the rawhide mix.

I picked rawhide, but think that running the udevstart utility was
needed to get things into a working state.
Comment 11 Alexander Larsson 2004-09-15 03:29:41 EDT
udevstart is ran automatically on bootup.
Comment 12 David hiker 2009-01-30 02:23:17 EST
Summary:

SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:ntpd_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          entertain.hiker.cn
Source RPM Packages           ntp-4.2.4p5-2.fc10
Target RPM Packages           
Policy RPM                    selinux-policy-3.5.13-18.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     entertain.hiker.cn
Platform                      Linux entertain.hiker.cn 2.6.27.5-117.fc10.x86_64
                              #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Fri 30 Jan 2009 08:01:18 PM HKT
Last Seen                     Fri 30 Jan 2009 08:05:06 PM HKT
Local ID                      f622a4c1-219f-4fea-b115-67fabd7d25df
Line Numbers                  

Raw Audit Messages            

node=entertain.hiker.cn type=AVC msg=audit(1233317106.72:31): avc:  denied  { read write } for  pid=3805 comm="ntpd" path="socket:[19855]" dev=sockfs ino=19855 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=entertain.hiker.cn type=SYSCALL msg=audit(1233317106.72:31): arch=c000003e syscall=59 success=yes exit=0 a0=1e1e480 a1=1e1d310 a2=1e1ec60 a3=7fffac43ff40 items=0 ppid=3804 pid=3805 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)
Comment 13 arttorney 2009-08-18 11:22:41 EDT
I don't know if this is the right time or place for this because I am new at this stuff, but selinux is interfering with the HPLIP driver for my HP Laserjet 5200.  The troubleshooter gives some specific changes to make to deal with this problem (generating a local policy module), but it also says "please report" so here is what is going on:

Additional InformationSource Context:  system_u:system_r:hplip_t:s0Target Context:  system_u:object_r:security_t:s0Target Objects:  mls [ file ]Source:  pythonSource Path:  /usr/bin/pythonPort:  <Unknown>Host:  serverSource RPM Packages:  python-2.6-9.fc11Target RPM Packages:  Policy RPM:  selinux-policy-3.6.12-53.fc11Selinux Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchallHost Name:  serverPlatform:  Linux server 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686Alert Count:  2First Seen:  Mon 06 Jul 2009 06:30:17 PM MSTLast Seen:  Mon 06 Jul 2009 06:30:19 PM MSTLocal ID:  19ed836a-0e62-464a-bb85-dedcf6278552Line Numbers:  Raw Audit Messages :node=server type=AVC msg=audit(1246930219.663:10): avc: denied { read } for pid=1712 comm="python" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file node=server type=SYSCALL msg=audit(1246930219.663:10): arch=40000003 syscall=5 success=no exit=-13 a0=bfa0f288 a1=8000 a2=0 a3=bfa0f288 items=0 ppid=1512 pid=1712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null)
Comment 14 Christine 2013-01-15 05:19:21 EST
Summary:

SELinux is preventing pmap_set (portmap_helper_t) "read" to inotify
(inotifyfs_t).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by pmap_set. It is not expected that this access
is required by pmap_set and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for inotify,

restorecon -v 'inotify'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:system_r:portmap_helper_t
Target Context                system_u:object_r:inotifyfs_t
Target Objects                inotify [ dir ]
Source                        pmap_dump
Source Path                   /usr/sbin/pmap_dump
Port                          <Unknown>
Host                          www.******.com
Source RPM Packages           portmap-4.0-65.2.2.1
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-327.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall_file
Host Name                     www.******.com
Platform                      Linux www.********.com
                              2.6.18-308.24.1.el5PAE #1 SMP Tue Dec 4 18:28:32
                              EST 2012 i686 athlon
Alert Count                   2
First Seen                    Mon 14 Jan 2013 02:05:09 PM PST
Last Seen                     Mon 14 Jan 2013 02:05:10 PM PST
Local ID                      a4fa9428-78a2-464f-a13d-7959a6715910
Line Numbers                  

Raw Audit Messages            

host=www.*******.com type=AVC msg=audit(1358201110.78:26): avc:  denied  { read } for  pid=4136 comm="pmap_set" path="inotify" dev=inotifyfs ino=409 scontext=root:system_r:portmap_helper_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

host=www.couch-potato-sales.com type=SYSCALL msg=audit(1358201110.78:26): arch=40000003 syscall=11 success=yes exit=0 a0=9ceffb0 a1=9cf0048 a2=9cf0248 a3=0 items=0 ppid=4117 pid=4136 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="pmap_set" exe="/usr/sbin/pmap_set" subj=root:system_r:portmap_helper_t:s0 key=(null)

Note You need to log in before you can comment on or make changes to this bug.