Bug 221287 - pcscd SELinux denials occur every few seconds when transferring files to/from USB devices
pcscd SELinux denials occur every few seconds when transferring files to/from...
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bob Relyea
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-01-03 11:13 EST by vfiend
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-22 10:14:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description vfiend 2007-01-03 11:13:20 EST
Summary
    SELinux is preventing /usr/sbin/pcscd (pcscd_t) "dac_read_search" access to
    <Unknown> (pcscd_t).

Additional Information:       

Source Context:               system_u:system_r:pcscd_t
Target Context:               system_u:system_r:pcscd_t
Target Objects:               None [ capability ]
Affected RPM Packages:        pcsc-lite-1.3.1-7 [application]
Policy RPM:                   selinux-policy-2.4.6-13.fc6
Selinux Enabled:              True
Policy Type:                  targeted
MLS Enabled:                  True
Enforcing Mode:               Enforcing
Plugin Name:                  plugins.disable_trans
Host Name:                    icarus
Platform:                     Linux icarus 2.6.18-1.2869.fc6 #1 SMP Wed Dec 20
14:51:34 EST 2006 x86_64 x86_64
Alert Count:                  545
Line Numbers:                 

Raw Audit Messages:           

avc: denied { dac_read_search } for comm="pcscd" egid=0 euid=0
exe="/usr/sbin/pcscd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2453
scontext=system_u:system_r:pcscd_t:s0 sgid=0 subj=system_u:system_r:pcscd_t:s0
suid=0 tclass=capability tcontext=system_u:system_r:pcscd_t:s0 tty=(none) uid=0 







Summary
    SELinux is preventing /usr/sbin/pcscd (pcscd_t) "dac_override" access to
    <Unknown> (pcscd_t).

Additional Information:       

Source Context:               system_u:system_r:pcscd_t
Target Context:               system_u:system_r:pcscd_t
Target Objects:               None [ capability ]
Affected RPM Packages:        pcsc-lite-1.3.1-7 [application]
Policy RPM:                   selinux-policy-2.4.6-13.fc6
Selinux Enabled:              True
Policy Type:                  targeted
MLS Enabled:                  True
Enforcing Mode:               Enforcing
Plugin Name:                  plugins.disable_trans
Host Name:                    icarus
Platform:                     Linux icarus 2.6.18-1.2869.fc6 #1 SMP Wed Dec 20
14:51:34 EST 2006 x86_64 x86_64
Alert Count:                  545
Line Numbers:                 

Raw Audit Messages:           

avc: denied { dac_override } for comm="pcscd" egid=0 euid=0
exe="/usr/sbin/pcscd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2453
scontext=system_u:system_r:pcscd_t:s0 sgid=0 subj=system_u:system_r:pcscd_t:s0
suid=0 tclass=capability tcontext=system_u:system_r:pcscd_t:s0 tty=(none) uid=0
Comment 1 vfiend 2007-01-04 11:29:36 EST
This seems to only occur when using gnomad2 (in extras) to transfer music files
to my DAP.
Comment 2 vfiend 2007-01-08 13:49:24 EST
Okay, I also had this issue when importing a photo from my digital camera into
f-spot. I didn't have this error before, so it's probably something that changed
in the policies with an update, I guess? I suppose I'll reassign it from
pcsc-lite to selinux-policy-targeted then..
Comment 3 Nate Bradley 2007-01-09 12:37:50 EST
I'm getting the same errors, but I'm not trying to do anyting in particular.
Comment 4 Bob Relyea 2007-01-09 18:35:40 EST
It looks like pcsc-lite needs a selinux profile which allows access to the usb
subsystem. What's the best way to get help on that?

bob
Comment 5 Daniel Walsh 2007-01-10 14:14:49 EST
Fixed in selinux-policy-2.4.6-25
Comment 6 Daniel Walsh 2007-08-22 10:14:08 EDT
Fixed in current release

Note You need to log in before you can comment on or make changes to this bug.