Red Hat Bugzilla – Bug 375241
SELinux is preventing /usr/bin/sox (xdm_t) "read" to (sound_device_t)
Last modified: 2008-01-30 14:19:20 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8 Description of problem: Summary SELinux is preventing /usr/bin/sox (xdm_t) "read" to <Unknown> (sound_device_t). Detailed Description SELinux denied access requested by /usr/bin/sox. It is not expected that this access is required by /usr/bin/sox and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:sound_device_t:s0 Target Objects None [ chr_file ] Affected RPM Packages sox-13.0.0-3.fc8 [application] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name heatherb.hedntay.com Platform Linux heatherb.hedntay.com 2.6.21-2950.fc8xen #1 SMP Tue Oct 23 12:24:34 EDT 2007 i686 i686 Alert Count 1 First Seen Sat 10 Nov 2007 01:21:05 PM PST Last Seen Sat 10 Nov 2007 01:21:05 PM PST Local ID 9aa0e848-e49b-45fb-8556-9cbfd5573b24 Line Numbers Raw Audit Messages avc: denied { read } for comm=play dev=tmpfs egid=0 euid=0 exe=/usr/bin/sox exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=controlC0 pid=2928 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=0 tclass=chr_file tcontext=system_u:object_r:sound_device_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): sox-13.0.0-3.fc8 How reproducible: Always Steps to Reproduce: 1.Call anything that uses sound 2. 3. Actual Results: get message in summary and no sound allowed Expected Results: a beep a sound of some kind Additional info: System working, just no sound
Steps to Reproduce should read: 1. Call firefox ...but calling anything that uses sound also gives SELinux alert
What is the context that you are logged in as? id -Z If it is xdm_t, you look to have a very badly labeled system. touch /.autorelabel; reboot should clean it up.
Tried 1. updating software 2. suggestion in comment #2 Neither solved problem. Sound card detection sees card and test works, however when trying to click on preferences in speaker icon on panel, says it does not see card.
Are you still seeing avc's? Please attach /var/log/audit/audit.log? If you put the machine in permissive mode does the sound work?
no audit.log in that dir. sound still does not work in permissive mode
I think SELinux is not the problem here as far as sound working on your machine. I will allow xdm to read/write the sound device Fixed in selinux-policy-3.0.8-54.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.