1590446 – selinux-policy blocks motion access to v4l camera

Bug 1590446 - selinux-policy blocks motion access to v4l camera

Summary: selinux-policy blocks motion access to v4l camera

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	28
Hardware:	Unspecified
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-06-12 15:24 UTC by Vaclav Danek
Modified:	2018-09-07 19:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:	selinux-policy-3.14.1-36.fc28
Clone Of:
Environment:
Last Closed:	2018-07-29 03:23:36 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Vaclav Danek 2018-06-12 15:24:55 UTC

Description of problem:
selinux-policy blocks motion access to v4l camera

Version-Release number of selected component (if applicable):
selinux-policy-3.14.1-32.fc28.noarch
motion-4.1.1-4.fc28.x86_64

How reproducible:
Always

Steps to Reproduce:
1. use v4l usb camera for example ps3 eye
2. configure motion
3. start motion

Actual results:
access to camera is blocked

Expected results:
camera should be accessible for motion

Additional info:
type=AVC msg=audit(1528816280.009:425): avc:  denied  { map } for  pid=14945 comm="ml1" path="/dev/video0" dev="devtmpfs" ino=18994 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=0
type=MAC_STATUS msg=audit(1528816282.213:426): enforcing=0 old_enforcing=1 auid=1000 ses=6
type=USER_AVC msg=audit(1528816282.215:427): pid=774 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=AVC msg=audit(1528816290.011:428): avc:  denied  { map } for  pid=14945 comm="ml1" path="/dev/video0" dev="devtmpfs" ino=18994 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=1

Comment 1 bugzilla_fedora 2018-07-08 21:13:04 UTC

Also observing this on F27:

selinux-policy.noarch                   3.13.1-283.35.fc27
selinux-policy-targeted.noarch          3.13.1-283.35.fc27
motion.x86_64                           4.1.1-1.fc27

Raw Audit Messages
type=AVC msg=audit(1531083900.219:746): avc:  denied  { map } for  pid=7339 comm="ml1" path="/dev/video0" dev="devtmpfs" ino=20595 scontext=system_u:system_r:motion_t:s0 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=0

Comment 2 Fedora Update System 2018-07-25 22:29:29 UTC

selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

Comment 3 Fedora Update System 2018-07-26 16:31:45 UTC

selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b

Comment 4 Fedora Update System 2018-07-29 03:23:36 UTC

selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.