439165 – SELinux errors on USB audio headset hotplug, prevents sound

Bug 439165 - SELinux errors on USB audio headset hotplug, prevents sound

Summary: SELinux errors on USB audio headset hotplug, prevents sound

Keywords:
Status:	CLOSED DUPLICATE of bug 439009
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-03-27 13:09 UTC by Paul W. Frields
Modified:	2008-03-27 13:11 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-03-27 13:11:26 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Paul W. Frields 2008-03-27 13:09:56 UTC

Description of problem:
Plugging in a USB audio headset generates AVC errors, and if the user is running
in enforcing mode, he can't get sound from the device.  (Similar errors seem to
prevent other sound devices on my computer from working, and running in
permissive mode fixes the problem.)


Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-24.fc9.noarch


How reproducible:
Every time

Steps to Reproduce:
1.  Plug in headset
2.  sealert helper displays errors

Actual results:
type=AVC msg=audit(1206622915.363:74): avc:  denied  { read write } for 
pid=3071 comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.363:74): arch=c000003e syscall=2 success=yes
exit=3 a0=40404a a1=42 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.363:75): avc:  denied  { lock } for  pid=3071
comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.363:75): arch=c000003e syscall=73 success=yes
exit=0 a0=3 a1=2 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.393:76): avc:  denied  { getattr } for  pid=3071
comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.393:76): arch=c000003e syscall=5 success=yes
exit=0 a0=4 a1=7fff55b79ab0 a2=7fff55b79ab0 a3=23b3930 items=0 ppid=2140
pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.405:77): avc:  denied  { write } for  pid=3071
comm="hal-acl-tool" name="hald" dev=dm-1 ino=73770
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.405:77): avc:  denied  { add_name } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T"
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.405:77): avc:  denied  { create } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T"
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.405:77): arch=c000003e syscall=2 success=yes
exit=4 a0=23b7770 a1=c2 a2=1b6 a3=7fff55b79cb0 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.406:78): avc:  denied  { remove_name } for 
pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.406:78): avc:  denied  { rename } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=AVC msg=audit(1206622915.406:78): avc:  denied  { unlink } for  pid=3071
comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file


Expected results:
No SELinux errors


Can provide additional device info if needed.

Comment 1 Paul W. Frields 2008-03-27 13:11:26 UTC


*** This bug has been marked as a duplicate of 439009 ***

Note You need to log in before you can comment on or make changes to this bug.