Summary:

SELinux is preventing /usr/bin/pulseaudio "setattr" access on /var/lib/mpd/.pulse.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this access is required by pulseaudio and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                unconfined_u:system_r:pulseaudio_t:s0
Target Context                unconfined_u:object_r:var_lib_t:s0
Target Objects                /var/lib/mpd/.pulse [ dir ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-110.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.32.11-99.fc12.i686.PAE #1 SMP Mon Apr 5 16:15:03 EDT 2010 i686 i686
Alert Count                   5
First Seen                    Thu 22 Apr 2010 02:07:12 AM CDT
Last Seen                     Thu 22 Apr 2010 04:00:54 AM CDT
Local ID                      0f7b51f8-2fef-44d9-9993-3b65b32c7bfe
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1271926854.758:29787): avc: denied { setattr } for pid=10651 comm="pulseaudio" name=".pulse" dev=dm-0 ino=172094 scontext=unconfined_u:system_r:pulseaudio_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1271926854.758:29787): arch=40000003 syscall=212 success=yes exit=0 a0=b6a00520 a1=1ee a2=1db a3=b6a00520 items=0 ppid=10641 pid=10651 auid=500 uid=494 gid=475 euid=494 suid=494 fsuid=494 egid=475 sgid=475 fsgid=475 tty=(none) ses=4 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=unconfined_u:system_r:pulseaudio_t:s0 key=(null)

Hash String generated from catchall,pulseaudio,pulseaudio_t,var_lib_t,dir,setattr
audit2allow suggests:

#============= pulseaudio_t ==============
allow pulseaudio_t var_lib_t:dir setattr;
Was /var/lib/mpd a local customization?
# semanage fcontext -a -t pulseaudio_var_lib_t '/var/lib/mpd(/.*)?'
# restorecon -R -v /var/lib/mpd
Should fix.
I am closing it as CANTFIX. That's relating to Music Player Daemon.
I thank you for spending time on a daemon that is not in the Fedora repos. Is it a CANTFIX simply because it is not in the official Fedora repos, or does the mpd use pulseaudio in a way that would never be compatible with selinux?
Do the lines above fix the problem?
After doing the following again, that selinux issue no longer appears.
# semanage fcontext -a -t pulseaudio_var_lib_t '/var/lib/mpd(/.*)?'
# restorecon -R -v /var/lib/mpd
That is what the current policy has for labeling. If you can get mpd into fedora, we will write policy for it. Miroslav, can you add this labeling to F12? It is in F13.
Fixed in selinux-policy-3.6.32-115.fc12
selinux-policy-3.6.32-116.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-116.fc12
selinux-policy-3.6.32-116.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-116.fc12
selinux-policy-3.6.32-116.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
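
The report at the top of this thread carries an audit2allow rule against the generic type var_lib_t, while the thread fixes the denial by relabeling /var/lib/mpd instead. As an added example (not part of the original report, setroubleshoot or audit2allow), this Python script parses the AVC record, rebuilds the rule, and flags denials whose target has a generic type; GENERIC_TYPES, the function names and the "relabel"/"review-policy" verdicts are assumptions of the example.

```python
import re

# AVC record copied from the report on this page (node= prefix dropped).
SAMPLE_AVC = (
    'type=AVC msg=audit(1271926854.758:29787): avc: denied { setattr } '
    'for pid=10651 comm="pulseaudio" name=".pulse" dev=dm-0 ino=172094 '
    'scontext=unconfined_u:system_r:pulseaudio_t:s0 '
    'tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir'
)

# Assumption of this example: a target with one of these generic types usually
# points at a missing file-context rule, not at a missing allow rule.
GENERIC_TYPES = {"var_lib_t", "var_t", "default_t", "unlabeled_t", "tmp_t"}


def parse_avc(line):
    """Return the fields of one 'avc: denied' record, or None for other lines."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

    def type_of(ctx):
        # user:role:type[:level]; the level may itself contain ':' (s0:c0.c1023)
        return ctx.split(":", 3)[2]

    return {
        "perms": m.group(1).split(),
        "comm": fields.get("comm"),
        "source_type": type_of(fields["scontext"]),
        "target_type": type_of(fields["tcontext"]),
        "tclass": fields["tclass"],
    }


def allow_rule(avc):
    """Rebuild the rule in the form shown under 'audit2allow suggests'."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {avc['source_type']} {avc['target_type']}:{avc['tclass']} {perm_text};"


def triage(avc):
    """'relabel' when the rule would open a generic type to the whole domain."""
    return "relabel" if avc["target_type"] in GENERIC_TYPES else "review-policy"


if __name__ == "__main__":
    avc = parse_avc(SAMPLE_AVC)
    print(allow_rule(avc), "->", triage(avc))
```

For the record above the verdict is "relabel": the suggested rule would let pulseaudio_t change attributes on every var_lib_t directory, whereas the fcontext change in the thread confines the access to /var/lib/mpd.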