Bug 267821 - SELinux prevents ivtv firmware from loading
SELinux prevents ivtv firmware from loading
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All All
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-30 12:19 EDT by Anthony Messina
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-04 13:14:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Anthony Messina 2007-08-30 12:19:01 EDT
Description of problem:
Aug 30 10:41:41 mythtv-fe1 kernel: audit(1188488355.106:9): avc:  denied  { read
} for  pid=1183 comm="firmware_helper" name="v4l-cx2341x-init.mpg" dev=sda3
ino=4570792 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:modules_object_t:s0 tclass=file
Aug 30 10:41:41 mythtv-fe1 kernel: ivtv0: unable to open firmware
v4l-cx2341x-init.mpg (must be 155648 bytes)
Aug 30 10:41:41 mythtv-fe1 kernel: ivtv0: did you put the firmware in the
hotplug firmware directory?
Aug 30 10:41:41 mythtv-fe1 kernel: ivtv0: Initialized Hauppauge WinTV PVR-350,
card #0

I'm not sure if this firmware file should have a different context, or if the
firmware_helper should be able to load it.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.6.4-38.fc7

-rwxr-xr-x  root root system_u:object_r:modules_object_t v4l-cx2341x-init.mpg

How reproducible:
Every time

Steps to Reproduce:
1. modprobe ivtv
2.
3.
  
Actual results:
see above description

Expected results:
firmware_helper should be able to access and load firmware.
Comment 1 Daniel Walsh 2007-08-31 06:18:03 EDT
Where is this file located?  Why does it have this context?

Files in /lib/firmware should be labeled lib_t.

restorecon the file to see if it fixes the label
Comment 2 Anthony Messina 2007-08-31 06:57:26 EDT
in the /lib/firmware directory, i have:
lrwxrwxrwx  root root system_u:object_r:lib_t v4l-cx2341x-init.mpg ->
/lib/modules/v4l-cx2341x-init.mpg

then in /lib/modules, i have:
-rwxr-xr-x  root root system_u:object_r:modules_object_t v4l-cx2341x-init.mpg

i'm guessing that, due to the symlink having a different (the proper) context,
but the actual file in /lib/modules having the wrong context -- that's why the
issue exists.

manually changing the context to lib_t in /lib/modules allows the firmware to be
loaded.

should i report this to the packager and have him change the context of the
actual file in /lib/modules to lib_t, or is there a better way to manage this?
Comment 3 Daniel Walsh 2007-09-01 07:14:40 EDT
I guess the question to ask is why is this file stored in /lib/modules?  If it
is not a kernel module it should be installed in /lib/firmware and everything
would just work.  
Comment 4 Anthony Messina 2007-09-01 08:30:43 EDT
Seeing as though this issue is "fixed" when the context lib_t is applied, I
consider it closed from the Fedora end and have reported it to the ivtv package
maintainer: http://bugzilla.atrpms.net/show_bug.cgi?id=1274

Note You need to log in before you can comment on or make changes to this bug.