Bug 520902 - setroubleshoot: SELinux is preventing udev-acl.ck "getattr" access on video0.
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:3d2d47b5f4b...
Duplicates: 520903 520904
Reported: 2009-09-02 19:44 UTC by Matěj Cepl
Modified: 2018-04-11 08:18 UTC (History)
Doc Type: Bug Fix
Last Closed: 2009-09-08 10:19:03 UTC
Description Matěj Cepl 2009-09-02 19:44:37 UTC
The following was filed automatically by setroubleshoot:

Summary:

SELinux is preventing udev-acl.ck "getattr" access on video0.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by udev-acl.ck. It is not expected that this
access is required by udev-acl.ck and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:object_r:v4l_device_t:s0
Target Objects                video0 [ chr_file ]
Source                        udev-acl.ck
Source Path                   /lib/udev/udev-acl
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           udev-145-7.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.28-9.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP
                              Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   3
First Seen                    Tue 1 Sep 2009, 23:03:06 CEST
Last Seen                     Tue 1 Sep 2009, 23:03:33 CEST
Local ID                      a5efc4f3-111c-49c0-aaf3-e1a35beb6077
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1251839013.696:300): avc:  denied  { getattr } for  pid=9349 comm="udev-acl.ck" name="video0" dev=tmpfs ino=3260258 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file

node=(removed) type=SYSCALL msg=audit(1251839013.696:300): arch=c000003e syscall=191 success=yes exit=0 a0=66fe70 a1=310c605b47 a2=7fff93561df0 a3=84 items=0 ppid=1322 pid=9349 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t v4l_device_t:chr_file getattr;

Comment 1 Daniel Walsh 2009-09-08 10:19:03 UTC
Fixed in selinux-policy-3.6.30-4.fc12.noarch

Make sure /lib/udev/udev-acl is labeled udev_exec_t

Comment 2 Daniel Walsh 2009-09-08 10:19:27 UTC
*** Bug 520903 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Walsh 2009-09-08 10:19:46 UTC
*** Bug 520904 has been marked as a duplicate of this bug. ***

