Bug 206700 - pam_console can't apply permissions to em8300 devices
pam_console can't apply permissions to em8300 devices
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Patch
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-15 15:32 EDT by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-26 06:32:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Treat em8300 devices like v4l ones (for pam_console) (628 bytes, patch)
2006-09-15 15:32 EDT, Ville Skyttä
no flags Details | Diff

  None (edit)
Description Ville Skyttä 2006-09-15 15:32:33 EDT
selinux-policy-targeted-2.3.7-2.fc5 seems to deny pam_console from applying
permissions to /dev/em8300*:

Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:4): avc:  denied  { getattr
} for  pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:device_t:s0 tclass=chr_file
Sep 15 22:06:24 bobcat kernel: audit(1158347184.942:5): avc:  denied  { setattr
} for  pid=3364 comm="pam_console_app" name="em8300-0" dev=tmpfs ino=952402
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:device_t:s0 tclass=chr_file

The /dev/em8300* devices, more accurately /dev/em8300-*, /dev/em8300_ma-*,
/dev/em8300_mv-* and /dev/em8300_sp-* are for the Hollywood+/DXR3 MPEG decoder
cards, see http://dxr3.sourceforge.net/ 

Even though I guess they're not strictly speaking v4l ones, they're used in very
similar situations, so listing them as such would possibly be the easiest way to
fix this, see attached patch.
Comment 1 Ville Skyttä 2006-09-15 15:32:34 EDT
Created attachment 136383 [details]
Treat em8300 devices like v4l ones (for pam_console)
Comment 2 Daniel Walsh 2006-09-18 14:31:46 EDT
Fixed in selinux-policy-2.3.14-3
Comment 3 Ville Skyttä 2006-12-26 06:32:06 EST
Seems so, thanks.

Note You need to log in before you can comment on or make changes to this bug.