Bug 184431 - hald produces avc denied message for hald-addon-usb-csr
Summary: hald produces avc denied message for hald-addon-usb-csr
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: rawhide
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 183679
TreeView+ depends on / blocked
 
Reported: 2006-03-08 18:30 UTC by Bernard Johnson
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-09 09:14:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Bernard Johnson 2006-03-08 18:30:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060306 Fedora/1.5.0.1-7 Firefox/1.5.0.1

Description of problem:
The following audit message are recorded when haldaemon is started.

[root@localhost ~]# service haldaemon restart
Stopping HAL daemon:                                       [  OK  ]
Starting HAL daemon:                                       [  OK  ]

audit2allow recommends:
[root@localhost ~]# audit2allow -a
allow crond_t self:process { execheap execstack };
allow dmidecode_t tmp_t:file write;
allow hald_t usb_device_t:chr_file { ioctl read write };
allow load_policy_t policy_config_t:file write;
allow load_policy_t semanage_read_lock_t:file { read write };
allow load_policy_t semanage_trans_lock_t:file { read write };
allow lvm_t self:capability sys_rawio;
allow mount_t etc_t:file write;
allow ntpd_t hald_t:fd use;
allow system_mail_t crond_t:fifo_file getattr;
allow unconfined_t self:process execheap;


[root@localhost ~]# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1141842428.568:29): avc:  denied  { read write } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842428.568:29): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87f3e a1=2 a2=1 a3=bfc87f3e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=CWD msg=audit(1141842428.568:29):  cwd="/usr/libexec"
type=PATH msg=audit(1141842428.568:29): item=0 name="/dev/bus/usb/001/006" flags=101  inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05
type=AVC msg=audit(1141842428.568:30): avc:  denied  { ioctl } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842428.568:30): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87f34 a3=bfc87f3e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=AVC_PATH msg=audit(1141842428.568:30):  path="/dev/bus/usb/001/006"
type=AVC msg=audit(1141842518.619:31): avc:  denied  { read write } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842518.619:31): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87e1e a1=2 a2=1 a3=bfc87e1e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=CWD msg=audit(1141842518.619:31):  cwd="/usr/libexec"
type=PATH msg=audit(1141842518.619:31): item=0 name="/dev/bus/usb/001/006" flags=101  inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05
type=AVC msg=audit(1141842518.619:32): avc:  denied  { ioctl } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842518.619:32): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87e14 a3=bfc87e1e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=AVC_PATH msg=audit(1141842518.619:32):  path="/dev/bus/usb/001/006"

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.23-6, hal-0.5.7-3

How reproducible:
Always

Steps to Reproduce:
1. tail -f /var/log/audit/audit.log
2. service restart haldaemon
3.
  

Actual Results:  avc denied messages

Expected Results:  clean run

Additional info:

Comment 1 Daniel Walsh 2006-03-08 21:57:52 UTC
Fixed in selinux-policy-targeted-2.2.23-8

Comment 2 Bernard Johnson 2006-03-09 09:14:26 UTC
The messages no longer appear in today's rawhide
(selinux-policy-targeted-2.2.23-11).


Note You need to log in before you can comment on or make changes to this bug.