Description of problem: Plugging in a USB audio headset generates AVC errors, and if the user is running in enforcing mode, he can't get sound from the device. (Similar errors seem to prevent other sound devices on my computer from working, and running in permissive mode fixes the problem.) Version-Release number of selected component (if applicable): selinux-policy-3.3.1-24.fc9.noarch How reproducible: Every time Steps to Reproduce: 1. Plug in headset 2. sealert helper displays errors Actual results: type=AVC msg=audit(1206622915.363:74): avc: denied { read write } for pid=3071 comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1206622915.363:74): arch=c000003e syscall=2 success=yes exit=3 a0=40404a a1=42 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0 key=(null) type=AVC msg=audit(1206622915.363:75): avc: denied { lock } for pid=3071 comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1206622915.363:75): arch=c000003e syscall=73 success=yes exit=0 a0=3 a1=2 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0 key=(null) type=AVC msg=audit(1206622915.393:76): avc: denied { getattr } for pid=3071 comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1206622915.393:76): arch=c000003e syscall=5 success=yes exit=0 a0=4 a1=7fff55b79ab0 a2=7fff55b79ab0 a3=23b3930 items=0 ppid=2140 pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0 key=(null) type=AVC msg=audit(1206622915.405:77): avc: denied { write } for pid=3071 comm="hal-acl-tool" name="hald" dev=dm-1 ino=73770 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1206622915.405:77): avc: denied { add_name } for pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1206622915.405:77): avc: denied { create } for pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=SYSCALL msg=audit(1206622915.405:77): arch=c000003e syscall=2 success=yes exit=4 a0=23b7770 a1=c2 a2=1b6 a3=7fff55b79cb0 items=0 ppid=2140 pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0 key=(null) type=AVC msg=audit(1206622915.406:78): avc: denied { remove_name } for pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=AVC msg=audit(1206622915.406:78): avc: denied { rename } for pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file type=AVC msg=audit(1206622915.406:78): avc: denied { unlink } for pid=3071 comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file Expected results: No SELinux errors Can provide additional device info if needed.
*** This bug has been marked as a duplicate of 439009 ***