Bug 462042 - AVC denied for Podsleuth when inserting iPod
Summary: AVC denied for Podsleuth when inserting iPod
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 11
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: F10Blocker, F10FinalBlocker
TreeView+ depends on / blocked
 
Reported: 2008-09-12 06:48 UTC by David Nielsen
Modified: 2009-11-18 13:09 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-11-18 13:09:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description David Nielsen 2008-09-12 06:48:54 UTC 
Description of problem

node=harris type=AVC msg=audit(1221201746.970:91): avc: denied { sys_rawio } for pid=20177 comm="mono" capability=17 scontext=system_u:system_r:podsleuth_t:s0 tcontext=system_u:system_r:podsleuth_t:s0 tclass=capability 

node=harris type=SYSCALL msg=audit(1221201746.970:91): arch=c000003e syscall=16 success=yes exit=0 a0=7 a1=2285 a2=7f8170382be0 a3=7f8170000090 items=0 ppid=20174 pid=20177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:podsleuth_t:s0 key=(null) 

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.5.7-1.fc10.noarch
podsleuth-0.6.2-3.fc10.x86_64
Comment 1 Daniel Walsh 2008-09-22 20:03:45 UTC 
Fixed in selinux-policy-3.5.8-6.fc10

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp
Comment 2 Jeff Peeler 2008-12-06 15:55:26 UTC 
I'm having the exact same problem on F10, although the audit message is slightly different:

node=jbp.localdomain type=AVC msg=audit(1228577703.977:160): avc:  denied  { mount } for  pid=8426 comm="mono" name="/" dev=sdb2 ino=2 scontext=system_u:system_r:podsleuth_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=filesystem

node=jbp.localdomain type=SYSCALL msg=audit(1228577703.977:160): arch=c000003e syscall=165 success=no exit=-13 a0=7fa8a0138e60 a1=7fa8a014c2d0 a2=7fa8a01479a0 a3=1 items=0 ppid=8423 pid=8426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:podsleuth_t:s0 key=(null)

Source RPM Packages           mono-core-2.0.1-12.fc10
Target RPM Packages           filesystem-2.4.19-1.fc10
Policy RPM                    selinux-policy-3.5.13-26.fc10

podsleuth-0.6.3-1.fc10.x86_64
Comment 3 Daniel Walsh 2008-12-09 14:54:04 UTC 
Why is podsleuth trying to mount an nfs file system?
Comment 4 David Nielsen 2008-12-09 16:47:45 UTC 
No idea, iPods should be vfat
Comment 5 Daniel Walsh 2008-12-09 19:44:15 UTC 
Ok It looks like we label hfs file systems as nfs_t, which some ipods use, so I guess we need to allow this.

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.5.13-34.fc10
Comment 6 Bug Zapper 2009-06-09 09:43:45 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Note You need to log in before you can comment on or make changes to this bug.