Description of problem: kernel: audit(1193647038.141:13): avc: denied { read } for pid=1297 comm="salsa" name="asound.state" dev=dm-0 ino=2066393 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file Version-Release number of selected component (if applicable): selinux-policy-targeted-2.6.4-48.fc7 How reproducible: Always. Steps to Reproduce: 1. Shut down. 2. 3. Actual results: AVC Expected results: No AVC Additional info:
Fixed in selinux-policy-2.6.4-49
And broken in -50? audit(1193765793.022:13): avc: denied { read } for pid=1205 comm="salsa" name="asound.state" dev=sda3 ino=1284774 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file [root@bona ~]# rpm -q selinux-policy selinux-policy-2.6.4-50.fc7
Orion, is the /sbin/salsa labeled correctly? Should be alsa_exec_t?
[root@bona ~]# restorecon -v /sbin/salsa [root@bona ~]# ls -Z /sbin/salsa -rwxr-xr-x root root system_u:object_r:alsa_exec_t /sbin/salsa
Same problem here. ls -Z /sbin/salsa -rwxr-xr-x root root system_u:object_r:alsa_exec_t /sbin/salsa audit(1193782846.719:4): avc: denied { read } for pid=1221 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.720:5): avc: denied { read } for pid=1226 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.721:6): avc: denied { read } for pid=1222 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.721:7): avc: denied { read } for pid=1227 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.722:8): avc: denied { read } for pid=1229 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.723:9): avc: denied { read } for pid=1228 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.723:10): avc: denied { read } for pid=1215 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.724:11): avc: denied { read } for pid=1230 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file audit(1193782846.725:12): avc: denied { read } for pid=1231 comm="salsa" name="asound.state" dev=dm-0 ino=4424148 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
Appears to be fixed in 2.6.4-59.fc7