Bug 389811 (JeffZZZ) - SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to pilot (device_t).
Summary: SELinux is preventing /sbin/udevd (udev_t) "relabelfrom" to pilot (device_t).
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: JeffZZZ
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 7
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-11-18 22:45 UTC by Jeff Smith
Modified: 2008-01-30 19:18 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-30 19:18:25 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Jeff Smith 2007-11-18 22:45:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc7 Firefox/2.0.0.9

Description of problem:
Gnome evolution sync works ok but KDE kpilot sync doesn't and has this error. 

Detailed Description
SELinux denied access requested by /sbin/udevd. It is not expected that this access is required by /sbin/udevd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for pilot, restorecon -v pilot If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information
Source Context:  system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context:  system_u:object_r:device_t
Target Objects:  pilot [ lnk_file ]
Affected RPM Packages:  udev-113-12.fc7 [application]
Policy RPM:  selinux-policy-2.6.4-48.fc7
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  localhost.localdomain
Platform:  Linux localhost.localdomain 2.6.23.1-21.fc7 #1 SMP Thu Nov 1 20:28:15        
           EDT 2007 x86_64 x86_64
Alert Count:  83
First Seen:  Fri 19 Oct 2007 09:41:21 AM PDT
Last Seen:  Sun 18 Nov 2007 02:20:11 PM PST
Local ID:  685f2cb5-db7b-4a47-be87-50c171a788f4
Line Numbers:  

Raw Audit Messages :
avc: denied { relabelfrom } for comm="udevd" dev=tmpfs egid=0 euid=0 exe="/sbin/udevd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="pilot" pid=8713 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 


Have removed any and all work arounds prior(10-visor.rules, and pilothelper script). It hotsync once but fails repeatedly afterwards.  

Version-Release number of selected component (if applicable):
kernel 2.6.23.1-21.  

How reproducible:
Always


Steps to Reproduce:
1.launch kpilot
2.press hotsync button on USB/cable from craddle


Actual Results:
reboots treo 700p. triggers selinux alarm.

Expected Results:
perform a hotsync

Additional info:
see description...  puts a damper on home business usage

Comment 1 Daniel Walsh 2007-11-19 15:21:24 UTC
Fixed in selinux-policy-2.6.4-56.fc7

Comment 2 Daniel Walsh 2008-01-30 19:18:25 UTC
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.


Note You need to log in before you can comment on or make changes to this bug.