Bug 439666 - yum update from f8->f9 causes pulseaudio denials.
yum update from f8->f9 causes pulseaudio denials.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-30 01:22 EDT by Dave Jones
Modified: 2015-01-04 17:30 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-30 01:32:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dave Jones 2008-03-30 01:22:26 EDT
selinux-policy-targeted-3.3.1-25.fc9.noarch
even after a relabel on reboot, it still fails..

host=gelk type=AVC msg=audit(1206853930.495:1451): avc:  denied  { lock } for 
pid=6273 comm="pulseaudio" path="/tmp/pulse-gdm/pid" dev=md0 ino=67567674
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=gelk type=SYSCALL msg=audit(1206853930.495:1451): arch=c000003e syscall=72
success=yes exit=0 a0=3 a1=7 a2=7fffa5a01260 a3=8101010101010100 items=0
ppid=6262 pid=6273 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42
egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio"
exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

host=gelk type=AVC msg=audit(1206853930.495:1452): avc:  denied  { getattr } for
 pid=6273 comm="pulseaudio" path="/tmp/pulse-gdm/pid" dev=md0 ino=67567674
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=gelk type=SYSCALL msg=audit(1206853930.495:1452): arch=c000003e syscall=5
success=yes exit=0 a0=3 a1=7fffa5a012b0 a2=7fffa5a012b0 a3=8101010101010100
items=0 ppid=6262 pid=6273 auid=4294967295 uid=42 gid=42 euid=42 suid=42
fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio"
exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

host=gelk type=AVC msg=audit(1206853931.164:1453): avc:  denied  { create } for
 pid=6273 comm="pulseaudio" name="native"
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=sock_file

host=gelk type=SYSCALL msg=audit(1206853931.164:1453): arch=c000003e syscall=49
success=yes exit=0 a0=19 a1=7fffa5a01090 a2=17 a3=7fffa5a01084 items=0 ppid=6262
pid=6273 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42
fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

host=gelk type=AVC msg=audit(1206853931.165:1454): avc:  denied  { setattr } for
 pid=6273 comm="pulseaudio" name="native" dev=md0 ino=67567677
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=sock_file

host=gelk type=SYSCALL msg=audit(1206853931.165:1454): arch=c000003e syscall=90
success=yes exit=0 a0=7fffa5a01150 a1=1ff a2=17 a3=7fffa5a01084 items=0
ppid=6262 pid=6273 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42
egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio"
exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

host=gelk type=AVC msg=audit(1206853930.492:1449): avc:  denied  { setattr } for
 pid=6273 comm="pulseaudio" name="pulse-gdm" dev=md0 ino=67567670
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=gelk type=SYSCALL msg=audit(1206853930.492:1449): arch=c000003e syscall=92
success=yes exit=0 a0=7fffa5a013b0 a1=2a a2=2a a3=f items=0 ppid=6262 pid=6273
auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42
tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

host=gelk type=AVC msg=audit(1206853930.494:1450): avc:  denied  { write } for 
pid=6273 comm="pulseaudio" name="pulse-gdm" dev=md0 ino=67567670
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=gelk type=AVC msg=audit(1206853930.494:1450): avc:  denied  { add_name }
for  pid=6273 comm="pulseaudio" name="pid"
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=dir

host=gelk type=AVC msg=audit(1206853930.494:1450): avc:  denied  { create } for
 pid=6273 comm="pulseaudio" name="pid"
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=gelk type=AVC msg=audit(1206853930.494:1450): avc:  denied  { read write }
for  pid=6273 comm="pulseaudio" name="pid" dev=md0 ino=67567674
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:file_t:s0 tclass=file

host=gelk type=SYSCALL msg=audit(1206853930.494:1450): arch=c000003e syscall=2
success=yes exit=3 a0=7fffa5a01380 a1=20142 a2=180 a3=8101010101010100 items=0
ppid=6262 pid=6273 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42
egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio"
exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2008-03-30 01:32:10 EDT
You seem to have a log of files without labels on them.

You need to 

rm -rf /tmp/pulse*

If you see any other files labeled file_t on /tmp you should remove them.

And allow them to be recreated on the next login.  I am not sure if you have a
general labeling problem.  If you see other files around with file_t you might
want to relable.

touch /.autorelable; reboot
Comment 2 Dave Jones 2008-03-30 18:00:24 EDT
weird.  as I mentioned, it relabeled when I first rebooted.  I guess it didn't
erase the files in /tmp.  A second relabelling after I removed those files did
the trick.
Comment 3 Daniel Walsh 2008-03-31 02:00:04 EDT
Relabeling does not touch files in /tmp, /media /mnt because the labels are
fairly random.  And we don't know what to label them.  /tmp seems to be a
problem though because it leaves files around from login.  If we relabeled files
to tmp_t it would cause programs to fail also.  IE Confined apps not able to
write to tmp_t.  The best solution is to delete all files in /tmp but this can
blow away files that the user wants to keep

Note You need to log in before you can comment on or make changes to this bug.