Bug 357011 - Read access denied to asound.state by salsa
Summary: Read access denied to asound.state by salsa
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-29 17:44 UTC by Matthew Saltzman
Modified: 2007-12-06 18:39 UTC (History)
2 users (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-06 18:39:15 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matthew Saltzman 2007-10-29 17:44:03 UTC 
Description of problem:

kernel: audit(1193647038.141:13): avc:  denied  { read } for  pid=1297
comm="salsa" name="asound.state" dev=dm-0 ino=2066393
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.6.4-48.fc7

How reproducible:
Always.

Steps to Reproduce:
1. Shut down.
2.
3.
  
Actual results:
AVC

Expected results:
No AVC

Additional info:
Comment 1 Daniel Walsh 2007-10-30 01:56:37 UTC 
Fixed in selinux-policy-2.6.4-49
Comment 2 Orion Poplawski 2007-10-30 17:41:06 UTC 
And broken in -50?

audit(1193765793.022:13): avc:  denied  { read } for  pid=1205 comm="salsa"
name="asound.state" dev=sda3 ino=1284774
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
[root@bona ~]# rpm -q selinux-policy
selinux-policy-2.6.4-50.fc7
Comment 3 Daniel Walsh 2007-10-30 20:30:41 UTC 
Orion, is the /sbin/salsa labeled correctly?

Should be alsa_exec_t?
Comment 4 Orion Poplawski 2007-10-30 20:45:43 UTC 
[root@bona ~]# restorecon -v /sbin/salsa
[root@bona ~]# ls -Z /sbin/salsa
-rwxr-xr-x  root root system_u:object_r:alsa_exec_t    /sbin/salsa
Comment 5 Kapoios Kanenas 2007-11-01 17:41:20 UTC 
Same problem here.

ls -Z /sbin/salsa
-rwxr-xr-x  root root system_u:object_r:alsa_exec_t    /sbin/salsa


audit(1193782846.719:4): avc:  denied  { read } for  pid=1221 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.720:5): avc:  denied  { read } for  pid=1226 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.721:6): avc:  denied  { read } for  pid=1222 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.721:7): avc:  denied  { read } for  pid=1227 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.722:8): avc:  denied  { read } for  pid=1229 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.723:9): avc:  denied  { read } for  pid=1228 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.723:10): avc:  denied  { read } for  pid=1215 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.724:11): avc:  denied  { read } for  pid=1230 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
audit(1193782846.725:12): avc:  denied  { read } for  pid=1231 comm="salsa"
name="asound.state" dev=dm-0 ino=4424148
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
Comment 6 Orion Poplawski 2007-12-06 16:53:54 UTC 
Appears to be fixed in 2.6.4-59.fc7
Note You need to log in before you can comment on or make changes to this bug.