Bug 184431 - hald produces avc denied message for hald-addon-usb-csr
hald produces avc denied message for hald-addon-usb-csr
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: 183679
  Show dependency treegraph
 
Reported: 2006-03-08 13:30 EST by Bernard Johnson
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-09 04:14:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bernard Johnson 2006-03-08 13:30:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060306 Fedora/1.5.0.1-7 Firefox/1.5.0.1

Description of problem:
The following audit message are recorded when haldaemon is started.

[root@localhost ~]# service haldaemon restart
Stopping HAL daemon:                                       [  OK  ]
Starting HAL daemon:                                       [  OK  ]

audit2allow recommends:
[root@localhost ~]# audit2allow -a
allow crond_t self:process { execheap execstack };
allow dmidecode_t tmp_t:file write;
allow hald_t usb_device_t:chr_file { ioctl read write };
allow load_policy_t policy_config_t:file write;
allow load_policy_t semanage_read_lock_t:file { read write };
allow load_policy_t semanage_trans_lock_t:file { read write };
allow lvm_t self:capability sys_rawio;
allow mount_t etc_t:file write;
allow ntpd_t hald_t:fd use;
allow system_mail_t crond_t:fifo_file getattr;
allow unconfined_t self:process execheap;


[root@localhost ~]# tail -f /var/log/audit/audit.log
type=AVC msg=audit(1141842428.568:29): avc:  denied  { read write } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842428.568:29): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87f3e a1=2 a2=1 a3=bfc87f3e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=CWD msg=audit(1141842428.568:29):  cwd="/usr/libexec"
type=PATH msg=audit(1141842428.568:29): item=0 name="/dev/bus/usb/001/006" flags=101  inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05
type=AVC msg=audit(1141842428.568:30): avc:  denied  { ioctl } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842428.568:30): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87f34 a3=bfc87f3e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=AVC_PATH msg=audit(1141842428.568:30):  path="/dev/bus/usb/001/006"
type=AVC msg=audit(1141842518.619:31): avc:  denied  { read write } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842518.619:31): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87e1e a1=2 a2=1 a3=bfc87e1e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=CWD msg=audit(1141842518.619:31):  cwd="/usr/libexec"
type=PATH msg=audit(1141842518.619:31): item=0 name="/dev/bus/usb/001/006" flags=101  inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05
type=AVC msg=audit(1141842518.619:32): avc:  denied  { ioctl } for  pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1141842518.619:32): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87e14 a3=bfc87e1e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr"
type=AVC_PATH msg=audit(1141842518.619:32):  path="/dev/bus/usb/001/006"

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.23-6, hal-0.5.7-3

How reproducible:
Always

Steps to Reproduce:
1. tail -f /var/log/audit/audit.log
2. service restart haldaemon
3.
  

Actual Results:  avc denied messages

Expected Results:  clean run

Additional info:
Comment 1 Daniel Walsh 2006-03-08 16:57:52 EST
Fixed in selinux-policy-targeted-2.2.23-8
Comment 2 Bernard Johnson 2006-03-09 04:14:26 EST
The messages no longer appear in today's rawhide
(selinux-policy-targeted-2.2.23-11).

Note You need to log in before you can comment on or make changes to this bug.