Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 588770 - SELinux is preventing /usr/bin/pulseaudio "create" access on native.
SELinux is preventing /usr/bin/pulseaudio "create" access on native.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
12
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:d7649d4ebae...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-04 09:35 EDT by Andris Pavenis
Modified: 2010-11-03 21:47 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-03 09:48:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andris Pavenis 2010-05-04 09:35:22 EDT
Summary:

SELinux is preventing /usr/bin/pulseaudio "create" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29
                              UTC 2010 i686 i686
Alert Count                   1
First Seen                    Tue 04 May 2010 04:34:04 PM EEST
Last Seen                     Tue 04 May 2010 04:34:04 PM EEST
Local ID                      ed6598d7-c150-4169-b54b-2b5f923c3009
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1272980044.155:38780): avc:  denied  { create } for  pid=6097 comm="pulseaudio" name="native" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1272980044.155:38780): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfc44fe0 a2=655b21c a3=1b items=0 ppid=6095 pid=6097 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,pulseaudio,xdm_t,var_lib_t,sock_file,create
audit2allow suggests:

#============= xdm_t ==============
allow xdm_t var_lib_t:sock_file create;
Comment 1 Daniel Walsh 2010-05-04 10:08:07 EDT
Looks like something is mislabled under /var/lib?   If you run 

restorecon -R -v /var/lib

Does it change any labels?
Comment 2 Andris Pavenis 2010-05-11 15:10:22 EDT
Today tested.

No messages from 'restorecon -R -v /var/lib'.
Comment 3 Daniel Walsh 2010-05-11 17:18:46 EDT
# find /var/lib/ -name native -printf "%P %Z\n"


What does this show?
Comment 4 Andris Pavenis 2010-05-12 00:54:45 EDT
Also nothing.
Comment 5 Andris Pavenis 2010-05-12 03:11:37 EDT
Got again the same error after rebooting system (F12 i386) after updates.
Both commands mentioned above returned nothing. Additionally search for files
with basename 'native' on entire system:

updatedb
locate native | egrep '/native$'

did not return anything relevant to the problem.

There are also 3 extra perhaps related SELinux error messages:

-------------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/pulseaudio "setattr" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Platform                      Linux <host name removed>
                              2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29
                              UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 12 May 2010 09:37:36 AM EEST
Last Seen                     Wed 12 May 2010 09:37:36 AM EEST
Local ID                      12cea95f-97db-4ff5-9965-9813762ff59b
Line Numbers                  

Raw Audit Messages            

node=<hostname removed> type=AVC msg=audit(1273646256.238:36999): avc:  denied  { setattr } for  pid=2204 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646256.238:36999): arch=40000003 syscall=15 success=yes exit=0 a0=90fc808 a1=1ff a2=5dea21c a3=1b items=0 ppid=2202 pid=2204 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


-----------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/metacity "write" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by metacity. It is not expected that this access
is required by metacity and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        canberra-gtk-pl
Source Path                   /usr/bin/canberra-gtk-play
Port                          <Unknown>
Host                          <hostname removed>
Source RPM Packages           metacity-2.28.0-14.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     <hostname removed>
Platform                      Linux <hostname removed>
                              2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29
                              UTC 2010 i686 i686
Alert Count                   2
First Seen                    Wed 12 May 2010 09:37:36 AM EEST
Last Seen                     Wed 12 May 2010 09:38:03 AM EEST
Local ID                      322a3a73-9271-473b-b66b-c6f9e7fa0c23
Line Numbers                  

Raw Audit Messages            

node=<hostname removed> type=AVC msg=audit(1273646283.22:37003): avc:  denied  { write } for  pid=2186 comm="metacity" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646283.22:37003): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfee56b0 a2=5dea21c a3=81af398 items=0 ppid=2123 pid=2186 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="metacity" exe="/usr/bin/metacity" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


--------------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/pulseaudio "unlink" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          <hostname removed>
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     <hostname removed>
Platform                      Linux <hostname removed>
                              2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29
                              UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 12 May 2010 09:38:26 AM EEST
Last Seen                     Wed 12 May 2010 09:38:26 AM EEST
Local ID                      c860f83f-4f13-4534-b409-5d52b0ae0d15
Line Numbers                  

Raw Audit Messages            

node=<hostname removed> type=AVC msg=audit(1273646306.410:37013): avc:  denied  { unlink } for  pid=2204 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646306.410:37013): arch=40000003 syscall=10 success=yes exit=0 a0=910d2c0 a1=8ec390 a2=5dea21c a3=90ee230 items=0 ppid=1 pid=2204 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

-----------------------------------------------------------
Comment 6 Daniel Walsh 2010-05-12 09:07:39 EDT
ls -lZ /var/lib/gdm

Are you using gdm? lxdm? kdm?
Comment 7 Andris Pavenis 2010-05-12 09:44:28 EDT
[root@callisto ~]# ls -lZ /var/lib/gdm
[root@callisto ~]# ls -ld /var/lib/gdm
drwxrwx--T. 10 gdm gdm 4096 2010-05-12 09:37 /var/lib/gdm

Related processes:

2027 ?        Ss     0:00 /usr/sbin/gdm-binary -nodaemon
2087 ?        S      0:00 /usr/libexec/gdm-simple-slave --display-id /org/gnome/DisplayManager/Display1 --force-active-vt
2089 tty1     Ss+   14:24 /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-KbYZl0/database -nolisten tcp vt1
Comment 8 Daniel Walsh 2010-05-12 10:52:10 EDT
I want to know what context it has.


ls -lZd /var/lib/gdm


run restorecon -v /var/lib/gdm
Comment 9 Andris Pavenis 2010-05-12 15:37:23 EDT
[root@callisto ~]# ls -lZd /var/lib/gdm
drwxrwx--T. gdm gdm system_u:object_r:xdm_var_lib_t:s0 /var/lib/gdm
[root@callisto ~]# restorecon -v /var/lib/gdm
[root@callisto ~]# ls -lZd /var/lib/gdm
drwxrwx--T. gdm gdm system_u:object_r:xdm_var_lib_t:s0 /var/lib/gdm
Comment 10 Daniel Walsh 2010-05-12 15:55:05 EDT
Ok, can you turn on full auditing so we can get the full path.

Can you 

# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules

And reboot.

We should get the full path of the file.

Grab the avc with 

ausearch -m avc -ts recent

Remove this line to turn off full auditing.
Comment 11 Andris Pavenis 2010-05-13 08:15:24 EDT
[root@callisto ~]# ausearch -m avc -ts recent
----
time->Thu May 13 15:12:26 2010
type=PATH msg=audit(1273752746.950:43): item=2 name=(null) inode=1179890 dev=08:01 mode=0140755 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=PATH msg=audit(1273752746.950:43): item=1 name=(null) inode=1181056 dev=08:01 mode=040700 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=PATH msg=audit(1273752746.950:43): item=0 name=(null) inode=1181056 dev=08:01 mode=040700 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=SOCKADDR msg=audit(1273752746.950:43): saddr=01002F7661722F6C69622F67646D2F2E70756C73652F64393837303136356662353839383738316433306130636634623130366632622D72756E74696D652F6E6174697665
type=SOCKETCALL msg=audit(1273752746.950:43): nargs=3 a0=1b a1=bf8f4ffe a2=45
type=SYSCALL msg=audit(1273752746.950:43): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf8f4fa0 a2=5dea21c a3=1b items=3 ppid=2229 pid=2231 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752746.950:43): avc:  denied  { create } for  pid=2231 comm="pulseaudio" name="native" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
----
time->Thu May 13 15:12:26 2010
type=PATH msg=audit(1273752746.951:44): item=0 name="/var/lib/gdm/.pulse/d9870165fb5898781d30a0cf4b106f2b-runtime/native" inode=1179890 dev=08:01 mode=0140755 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=CWD msg=audit(1273752746.951:44):  cwd="/"
type=SYSCALL msg=audit(1273752746.951:44): arch=40000003 syscall=15 success=yes exit=0 a0=86e0808 a1=1ff a2=5dea21c a3=1b items=1 ppid=2229 pid=2231 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752746.951:44): avc:  denied  { setattr } for  pid=2231 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
----
time->Thu May 13 15:12:27 2010
type=PATH msg=audit(1273752747.085:45): item=0 name=(null) inode=1179890 dev=08:01 mode=0140777 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=SOCKADDR msg=audit(1273752747.085:45): saddr=01002F7661722F6C69622F67646D2F2E70756C73652F64393837303136356662353839383738316433306130636634623130366632622D72756E74696D652F6E61746976650000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SOCKETCALL msg=audit(1273752747.085:45): nargs=3 a0=8 a1=b2c2febe a2=6e
type=SYSCALL msg=audit(1273752747.085:45): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b2c2fdc0 a2=5dea21c a3=0 items=1 ppid=2185 pid=2227 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="canberra-gtk-pl" exe="/usr/bin/canberra-gtk-play" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752747.085:45): avc:  denied  { write } for  pid=2227 comm="canberra-gtk-pl" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
Comment 12 Miroslav Grepl 2010-11-03 09:48:58 EDT
Are you still seeing this issue with the latest F-12 selinux-policy? If yes, please reopen the bug.
Comment 13 Bug Zapper 2010-11-03 11:40:41 EDT
This message is a reminder that Fedora 12 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 12.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 12 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 14 Andris Pavenis 2010-11-03 21:47:27 EDT
(In reply to comment #12)
> Are you still seeing this issue with the latest F-12 selinux-policy? If yes,
> please reopen the bug.

Unfortunately I do not have Fedora 12 around any more, so cannot easily test with it. I do not see similar errors in Fedora 13 at least not in the last time.

Note You need to log in before you can comment on or make changes to this bug.