Bug 462042 - AVC denied for Podsleuth when inserting iPod
AVC denied for Podsleuth when inserting iPod
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
11
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
: Reopened
Depends On:
Blocks: F10Blocker/F10FinalBlocker
  Show dependency treegraph
 
Reported: 2008-09-12 02:48 EDT by David Nielsen
Modified: 2009-11-18 08:09 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-18 08:09:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description David Nielsen 2008-09-12 02:48:54 EDT
Description of problem

node=harris type=AVC msg=audit(1221201746.970:91): avc: denied { sys_rawio } for pid=20177 comm="mono" capability=17 scontext=system_u:system_r:podsleuth_t:s0 tcontext=system_u:system_r:podsleuth_t:s0 tclass=capability 

node=harris type=SYSCALL msg=audit(1221201746.970:91): arch=c000003e syscall=16 success=yes exit=0 a0=7 a1=2285 a2=7f8170382be0 a3=7f8170000090 items=0 ppid=20174 pid=20177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:podsleuth_t:s0 key=(null) 

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.5.7-1.fc10.noarch
podsleuth-0.6.2-3.fc10.x86_64
Comment 1 Daniel Walsh 2008-09-22 16:03:45 EDT
Fixed in selinux-policy-3.5.8-6.fc10

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp
Comment 2 Jeff Peeler 2008-12-06 10:55:26 EST
I'm having the exact same problem on F10, although the audit message is slightly different:

node=jbp.localdomain type=AVC msg=audit(1228577703.977:160): avc:  denied  { mount } for  pid=8426 comm="mono" name="/" dev=sdb2 ino=2 scontext=system_u:system_r:podsleuth_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=filesystem

node=jbp.localdomain type=SYSCALL msg=audit(1228577703.977:160): arch=c000003e syscall=165 success=no exit=-13 a0=7fa8a0138e60 a1=7fa8a014c2d0 a2=7fa8a01479a0 a3=1 items=0 ppid=8423 pid=8426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:podsleuth_t:s0 key=(null)

Source RPM Packages           mono-core-2.0.1-12.fc10
Target RPM Packages           filesystem-2.4.19-1.fc10
Policy RPM                    selinux-policy-3.5.13-26.fc10

podsleuth-0.6.3-1.fc10.x86_64
Comment 3 Daniel Walsh 2008-12-09 09:54:04 EST
Why is podsleuth trying to mount an nfs file system?
Comment 4 David Nielsen 2008-12-09 11:47:45 EST
No idea, iPods should be vfat
Comment 5 Daniel Walsh 2008-12-09 14:44:15 EST
Ok It looks like we label hfs file systems as nfs_t, which some ipods use, so I guess we need to allow this.

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.5.13-34.fc10
Comment 6 Bug Zapper 2009-06-09 05:43:45 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.