Bug 439165 - SELinux errors on USB audio headset hotplug, prevents sound
SELinux errors on USB audio headset hotplug, prevents sound
Status: CLOSED DUPLICATE of bug 439009
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-27 09:09 EDT by Paul W. Frields
Modified: 2008-03-27 09:11 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-27 09:11:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul W. Frields 2008-03-27 09:09:56 EDT
Description of problem:
Plugging in a USB audio headset generates AVC errors, and if the user is running
in enforcing mode, he can't get sound from the device.  (Similar errors seem to
prevent other sound devices on my computer from working, and running in
permissive mode fixes the problem.)


Version-Release number of selected component (if applicable):
selinux-policy-3.3.1-24.fc9.noarch


How reproducible:
Every time

Steps to Reproduce:
1.  Plug in headset
2.  sealert helper displays errors

Actual results:
type=AVC msg=audit(1206622915.363:74): avc:  denied  { read write } for 
pid=3071 comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.363:74): arch=c000003e syscall=2 success=yes
exit=3 a0=40404a a1=42 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.363:75): avc:  denied  { lock } for  pid=3071
comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.363:75): arch=c000003e syscall=73 success=yes
exit=0 a0=3 a1=2 a2=1a4 a3=7fff55b79e50 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.393:76): avc:  denied  { getattr } for  pid=3071
comm="hal-acl-tool" path="/var/run/hald/acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.393:76): arch=c000003e syscall=5 success=yes
exit=0 a0=4 a1=7fff55b79ab0 a2=7fff55b79ab0 a3=23b3930 items=0 ppid=2140
pid=3071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.405:77): avc:  denied  { write } for  pid=3071
comm="hal-acl-tool" name="hald" dev=dm-1 ino=73770
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.405:77): avc:  denied  { add_name } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T"
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.405:77): avc:  denied  { create } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T"
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=SYSCALL msg=audit(1206622915.405:77): arch=c000003e syscall=2 success=yes
exit=4 a0=23b7770 a1=c2 a2=1b6 a3=7fff55b79cb0 items=0 ppid=2140 pid=3071
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hal-acl-tool" exe="/usr/libexec/hal-acl-tool"
subj=system_u:system_r:hald_acl_t:s0 key=(null)
type=AVC msg=audit(1206622915.406:78): avc:  denied  { remove_name } for 
pid=3071 comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=dir
type=AVC msg=audit(1206622915.406:78): avc:  denied  { rename } for  pid=3071
comm="hal-acl-tool" name="acl-list.WIAR8T" dev=dm-1 ino=73781
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file
type=AVC msg=audit(1206622915.406:78): avc:  denied  { unlink } for  pid=3071
comm="hal-acl-tool" name="acl-list" dev=dm-1 ino=73788
scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=file


Expected results:
No SELinux errors


Can provide additional device info if needed.
Comment 1 Paul W. Frields 2008-03-27 09:11:26 EDT

*** This bug has been marked as a duplicate of 439009 ***

Note You need to log in before you can comment on or make changes to this bug.