Bug 206700 - pam_console can't apply permissions to em8300 devices
Summary: pam_console can't apply permissions to em8300 devices
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-15 19:32 UTC by Ville Skyttä
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-12-26 11:32:06 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Treat em8300 devices like v4l ones (for pam_console) (628 bytes, patch)
2006-09-15 19:32 UTC, Ville Skyttä
no flags Details | Diff

Description Ville Skyttä 2006-09-15 19:32:33 UTC
selinux-policy-targeted-2.3.7-2.fc5 seems to deny pam_console from applying
permissions to /dev/em8300*:

Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:4): avc:  denied  { getattr
} for  pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:5): avc:  denied  { setattr
} for  pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:device_t:s0 tclass=chr_file

The /dev/em8300* devices, more accurately /dev/em8300-*, /dev/em8300_ma-*,
/dev/em8300_mv-* and /dev/em8300_sp-* are for the Hollywood+/DXR3 MPEG decoder
cards, see http://dxr3.sourceforge.net/ 

Even though I guess they're not strictly speaking v4l ones, they're used in very
similar situations, so listing them as such would possibly be the easiest way to
fix this, see attached patch.

Comment 1 Ville Skyttä 2006-09-15 19:32:34 UTC
Created attachment 136383 [details]
Treat em8300 devices like v4l ones (for pam_console)

Comment 2 Daniel Walsh 2006-09-18 18:31:46 UTC
Fixed in selinux-policy-2.3.14-3

Comment 3 Ville Skyttä 2006-12-26 11:32:06 UTC
Seems so, thanks.


Note You need to log in before you can comment on or make changes to this bug.