Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
First Last Prev Next    This bug is not in your last search results.
Bug 147334 - User_t can't { read ioctl } event_device_t
User_t can't { read ioctl } event_device_t
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-07 08:34 EST by Ivan Gyurdiev
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-07 17:34:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Ivan Gyurdiev 2005-02-07 08:34:01 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041228 Firefox/1.0 Fedora/1.0-8

Description of problem:
Look, UT2004 demo can't { read ioctl } the event device.
Is this a capability that should be added to user_t?

audit(1107767201.508:0): avc:  denied  { read } for  pid=9006
exe=/home/phantom/ut2004demo/System/ut2004-bin name=event0 dev=tmpfs
ino=6370 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:event_device_t tclass=chr_file

audit(1107767201.509:0): avc:  denied  { ioctl } for  pid=9006
exe=/home/phantom/ut2004demo/System/ut2004-bin path=/dev/input/event0
dev=tmpfs ino=6370 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:event_device_t tclass=chr_file


Version-Release number of selected component (if applicable):
selinux-policy-strict-1.21.8-4

How reproducible:
Didn't try

Steps to Reproduce:
    

Additional info:
Comment 1 Daniel Walsh 2005-02-07 11:06:03 EST 
I am going to allow base_user apps to read event_device_t.  I don't know of any
security implications of this.  

Policy 1.21.8-6
Comment 2 Ivan Gyurdiev 2005-02-07 17:34:46 EST 
Hmm, if you say it's okay...
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.