Bug 245288 - selinux requested bug submission
selinux requested bug submission
Product: Fedora
Classification: Fedora
Component: libselinux (Show other bugs)
i386 Linux
low Severity high
: ---
: ---
Assigned To: Nils Philippsen
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-06-22 02:02 EDT by Wayne Hammond
Modified: 2008-06-16 21:41 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-06-16 21:41:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
selinux alert message (2.59 KB, text/plain)
2007-06-22 02:02 EDT, Wayne Hammond
no flags Details
audit logfile (800.00 KB, text/plain)
2007-06-22 16:14 EDT, Wayne Hammond
no flags Details
First error message (246.07 KB, image/jpeg)
2007-06-27 08:51 EDT, Wayne Hammond
no flags Details
Second error message (165.32 KB, image/png)
2007-06-27 08:51 EDT, Wayne Hammond
no flags Details
yum update output (3.12 KB, text/plain)
2007-06-28 08:22 EDT, Wayne Hammond
no flags Details
mail to root generated at end of yum update (10.98 KB, text/plain)
2007-06-28 08:23 EDT, Wayne Hammond
no flags Details

  None (edit)
Description Wayne Hammond 2007-06-22 02:02:34 EDT
Description of problem:
selinux alert - requested bug submission against /usr/lib/libSDL module

Version-Release number of selected component (if applicable):

How reproducible:
unable to access hardware

Steps to Reproduce:
1. see bug report from selinux
Actual results:

Expected results:

Additional info:
Comment 1 Wayne Hammond 2007-06-22 02:02:34 EDT
Created attachment 157597 [details]
selinux alert message
Comment 2 Daniel Walsh 2007-06-22 09:18:17 EDT
This looks like a labeling problem.

restorecon -R -v /var/lib
Comment 3 Wayne Hammond 2007-06-22 09:28:31 EDT
Ran this command at request of selinux:
[root@localhost ~]# touch /.autorelabel; reboot
Is this equivalent to restorecon -R -v /var/lib?
Comment 4 Wayne Hammond 2007-06-22 11:07:21 EDT
Ran restorecon -R -v /var/lib as well, no change.
Comment 5 Daniel Walsh 2007-06-22 11:25:31 EDT
But is the file labeled correctly now?

ls -lZ /usr/lib/libSDL-1.2.so*

Should be labeled textrel_shlib_t
Comment 6 Wayne Hammond 2007-06-22 11:38:54 EDT
Yes, it is labeled correctly now. Sane still doesn't see my scanner though. 
Don't have time right now to check other devices, will do that this afternoon.

This is the result:
[root@localhost ~]# ls -lZ /usr/lib/libSDL-1.2.so*
lrwxrwxrwx  root root system_u:object_r:lib_t          /usr/lib/libSDL-1.2.so.0
-> libSDL-1.2.so.0.11.0
-rwxr-xr-x  root root system_u:object_r:textrel_shlib_t
Comment 7 Daniel Walsh 2007-06-22 14:04:19 EDT
Ok so the question is whether SELinux is preventing this access or something
else.  If you run in permissive mode, can sane see th scanner?  Do you see any
other avc messages in /var/log/audit/audit.log
Comment 8 Wayne Hammond 2007-06-22 16:14:38 EDT
Created attachment 157644 [details]
audit logfile
Comment 9 Wayne Hammond 2007-06-26 13:15:55 EDT
While searching for answers to the permissions, I have discovered that /dev/usb
is assigned to root.  What group is it supposed to be assigned to?  
Comment 10 Daniel Walsh 2007-06-27 08:20:41 EDT
I think it is probably correct.  

Try to use your scanner in permissive mode.

# setenforce 0

Plug the scanner in. Does it work now?  If not, then it is probably not a
selinux policy problem.

# restorecon -R -v /root
Comment 11 Wayne Hammond 2007-06-27 08:51:20 EDT
Created attachment 157999 [details]
First error message
Comment 12 Wayne Hammond 2007-06-27 08:51:59 EDT
Created attachment 158000 [details]
Second error message
Comment 13 Daniel Walsh 2007-06-27 11:20:37 EDT
Did these happen in permissive mode.
Comment 14 Wayne Hammond 2007-06-27 12:02:22 EDT
They both happened in permissive mode.  The same erro is generated in enforcing
mode as well.  The second error is my fault, I unplugged the scanner usb cable
and plugged it back in but did not get it in all they way.  Re-insertion and
running the command again generated the same error.

Comment 15 Daniel Walsh 2007-06-27 14:33:51 EDT
Ok in that case this is almost certainly not an SELinux error.  Reassinging to hal.
Comment 16 David Zeuthen 2007-06-27 16:09:22 EDT
-> sane-backends
Comment 17 Nils Philippsen 2007-06-28 03:23:28 EDT
Wayne, please try sane-backends-1.0.18-7.fc7 from updates-testing which has
workarounds for USB hardware problems and report back whether it makes a
difference to you.
Comment 18 Wayne Hammond 2007-06-28 08:22:45 EDT
Created attachment 158114 [details]
yum update output
Comment 19 Wayne Hammond 2007-06-28 08:23:22 EDT
Created attachment 158115 [details]
mail to root generated at end of yum update
Comment 20 Wayne Hammond 2007-06-28 08:36:33 EDT
The error message when opening the scanner-tool is the same after updating

What should I be doing about the kernel errors?  I don't recall seeing mail
generated before and as the computer is only three days old, I'm rather surprised.

Comment 21 Bug Zapper 2008-05-14 09:14:48 EDT
This message is a reminder that Fedora 7 is nearing the end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 7. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '7'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 7's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 7 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. If possible, it is recommended that you try the newest available Fedora distribution to see if your bug still exists.

Please read the Release Notes for the newest Fedora distribution to make sure it will meet your needs:

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 22 Bug Zapper 2008-06-16 21:41:13 EDT
Fedora 7 changed to end-of-life (EOL) status on June 13, 2008. 
Fedora 7 is no longer maintained, which means that it will not 
receive any further security or bug fix updates. As a result we 
are closing this bug. 

If you can reproduce this bug against a currently maintained version 
of Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.