Bug 495111 - selinux denial for synce (Windows Mobile device sync framework)
selinux denial for synce (Windows Mobile device sync framework)
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
high Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-09 15:19 EDT by Adam Williamson
Modified: 2009-04-11 07:36 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-11 07:36:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sealert output (7.85 KB, text/plain)
2009-04-09 15:19 EDT, Adam Williamson
no flags Details

  None (edit)
Description Adam Williamson 2009-04-09 15:19:39 EDT
Created attachment 338979 [details]
sealert output

When I plug in my Windows Mobile phone, it should be handled by synce. However, if selinux is in enforcing mode, it isn't, and several denials get logged. If I disable selinux synce works as expected, so it's definitely the selinux denials that break it. The log messages are below; I'll attach the sealert output separately so bugzilla doesn't mangle it.

Apr  9 12:12:56 adam setroubleshoot: SELinux is preventing hal-dccm (hald_dccm_t) "create" hald_dccm_t. For complete SELinux messages. run sealert -l e4379389-5ad0-446e-8bdb-73ed579cf4f5
Apr  9 12:12:56 adam setroubleshoot: SELinux is preventing hal-dccm (hald_dccm_t) "connect" hald_dccm_t. For complete SELinux messages. run sealert -l eca8f40e-9892-4ad8-956e-f3f67100a7ac
Apr  9 12:12:56 adam setroubleshoot: SELinux is preventing hal-dccm (hald_dccm_t) "connect" hald_dccm_t. For complete SELinux messages. run sealert -l eca8f40e-9892-4ad8-956e-f3f67100a7ac
Apr  9 12:12:57 adam setroubleshoot: SELinux is preventing hal-dccm (hald_dccm_t) "connect" hald_dccm_t. For complete SELinux messages. run sealert -l eca8f40e-9892-4ad8-956e-f3f67100a7ac
Apr  9 12:12:57 adam setroubleshoot: SELinux is preventing hal-dccm (hald_dccm_t) "write" hald_dccm_t. For complete SELinux messages. run sealert -l 5b9e7a36-bf37-45e8-b458-31152ba326c2
Comment 1 Daniel Walsh 2009-04-11 07:36:17 EDT
Miroslav

Add 

logging_send_syslog_msg(hald_dccm_t) to F10 policy

You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-3.fc11.noarch

Note You need to log in before you can comment on or make changes to this bug.