Yhteenveto: SELinux is preventing the /usr/bin/pulseaudio from using potentially mislabeled files (autospawn.lock). Yksityiskohtainen kuvaus: SELinux has denied pulseaudio access to potentially mislabeled file(s) (autospawn.lock). This means that SELinux will not allow pulseaudio to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Sallitaan pääsy: If you want pulseaudio to access this files, you need to relabel them using restorecon -v 'autospawn.lock'. You might want to relabel the entire directory using restorecon -R -v ''. Lisätiedot: Lähdekonteksti system_u:system_r:xdm_t:s0-s0:c0.c1023 Kohdekonteksti system_u:object_r:user_tmp_t:s0 Kohdeobjektit autospawn.lock [ file ] Lähde pulseaudio Lähteen polku /usr/bin/pulseaudio Portti <Tuntematon> Kone (removed) Lähteen RPM-paketit pulseaudio-0.9.21-1.fc12 Kohteen RPM-paketit Käytännön RPM selinux-policy-3.6.32-49.fc12 SELinux käytössä True Käytännön tyyppi targeted Toimeenpanotila Enforcing Liitännäisen nimi home_tmp_bad_labels Konenimi (removed) Alusta Linux Uneksija 2.6.31.5-127.fc12.x86_64 #1 SMP Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64 Varoitusten määrä 1 Ensimmäinen la 5. joulukuuta 2009 23.44.12 Viimeisin la 5. joulukuuta 2009 23.44.12 Paikallinen tunniste cdbf4382-b8c8-4c76-b299-65c3ee9a7174 Rivinumerot Muokkaamattomat tarkastusvies node=Uneksija type=AVC msg=audit(1260049452.452:6): avc: denied { create } for pid=1649 comm="pulseaudio" name="autospawn.lock" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_tmp_t:s0 tclass=file node=Uneksija type=SYSCALL msg=audit(1260049452.452:6): arch=c000003e syscall=2 success=no exit=-13 a0=7f63200009a0 a1=20142 a2=180 a3=fffffff2 items=0 ppid=1639 pid=1649 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-49.fc12,home_tmp_bad_labels,pulseaudio,xdm_t,user_tmp_t,file,create audit2allow suggests: #============= xdm_t ============== allow xdm_t user_tmp_t:file create;
Are you logged in as the context xdm_t? id -Z
THis looks like pulseaudit is trying to create autospawn.lock in a directory previosly created by a user?
seems unlikely quickly browsing the code. I see something like k = pa_sprintf_malloc("%s/%s-runtime", get_pulse_home (), get_machine_id ()); so it doesn't seem like a dir a user would create But I don't know how this stuff works, cc'ing lennart
hmm, we create that lock file in a dir in /tmp. The name of that dir is randomly chosen, and verified to belong to us, so it should be set up properly.
So the directory is shared between all users of pulseaudio even if pulseaudio is running as root? Versus a non root UID?
--- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Miroslav, lets just allow this access. userdom_manage_user_tmp_files(xdm_t)
Fixed in selinux-policy-3.6.32-80.fc12
selinux-policy-3.6.32-82.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-82.fc12
selinux-policy-3.6.32-84.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1492
selinux-policy-3.6.32-84.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.