Summary:

SELinux is preventing /usr/bin/pulseaudio "create" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this access is required by pulseaudio and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Tue 04 May 2010 04:34:04 PM EEST
Last Seen                     Tue 04 May 2010 04:34:04 PM EEST
Local ID                      ed6598d7-c150-4169-b54b-2b5f923c3009
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1272980044.155:38780): avc: denied { create } for pid=6097 comm="pulseaudio" name="native" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1272980044.155:38780): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bfc44fe0 a2=655b21c a3=1b items=0 ppid=6095 pid=6097 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash String generated from catchall,pulseaudio,xdm_t,var_lib_t,sock_file,create

audit2allow suggests:

#============= xdm_t ==============
allow xdm_t var_lib_t:sock_file create;
Looks like something is mislabeled under /var/lib?

If you run

restorecon -R -v /var/lib

Does it change any labels?
Today tested. No messages from 'restorecon -R -v /var/lib'.
# find /var/lib/ -name native -printf "%P %Z\n"

What does this show?
Also nothing.
Got again the same error after rebooting system (F12 i386) after updates. Both commands mentioned above returned nothing.

Additionally search for files with basename 'native' on entire system:

updatedb
locate native | egrep '/native$'

did not return anything relevant to the problem.

There are also 3 extra perhaps related SELinux error messages:

-------------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/pulseaudio "setattr" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this access is required by pulseaudio and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Platform                      Linux <host name removed> 2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 12 May 2010 09:37:36 AM EEST
Last Seen                     Wed 12 May 2010 09:37:36 AM EEST
Local ID                      12cea95f-97db-4ff5-9965-9813762ff59b
Line Numbers

Raw Audit Messages

node=<hostname removed> type=AVC msg=audit(1273646256.238:36999): avc: denied { setattr } for pid=2204 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646256.238:36999): arch=40000003 syscall=15 success=yes exit=0 a0=90fc808 a1=1ff a2=5dea21c a3=1b items=0 ppid=2202 pid=2204 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

-----------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/metacity "write" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by metacity. It is not expected that this access is required by metacity and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        canberra-gtk-pl
Source Path                   /usr/bin/canberra-gtk-play
Port                          <Unknown>
Host                          <hostname removed>
Source RPM Packages           metacity-2.28.0-14.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     <hostname removed>
Platform                      Linux <hostname removed> 2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29 UTC 2010 i686 i686
Alert Count                   2
First Seen                    Wed 12 May 2010 09:37:36 AM EEST
Last Seen                     Wed 12 May 2010 09:38:03 AM EEST
Local ID                      322a3a73-9271-473b-b66b-c6f9e7fa0c23
Line Numbers

Raw Audit Messages

node=<hostname removed> type=AVC msg=audit(1273646283.22:37003): avc: denied { write } for pid=2186 comm="metacity" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646283.22:37003): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfee56b0 a2=5dea21c a3=81af398 items=0 ppid=2123 pid=2186 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="metacity" exe="/usr/bin/metacity" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

--------------------------------------------------------------------

Summary:

SELinux is preventing /usr/bin/pulseaudio "unlink" access on native.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by pulseaudio. It is not expected that this access is required by pulseaudio and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_lib_t:s0
Target Objects                native [ sock_file ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          <hostname removed>
Source RPM Packages           pulseaudio-0.9.21-5.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-113.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     <hostname removed>
Platform                      Linux <hostname removed> 2.6.32.10-90.fc12.i686 #1 SMP Tue Mar 23 10:21:29 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Wed 12 May 2010 09:38:26 AM EEST
Last Seen                     Wed 12 May 2010 09:38:26 AM EEST
Local ID                      c860f83f-4f13-4534-b409-5d52b0ae0d15
Line Numbers

Raw Audit Messages

node=<hostname removed> type=AVC msg=audit(1273646306.410:37013): avc: denied { unlink } for pid=2204 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file

node=<hostname removed> type=SYSCALL msg=audit(1273646306.410:37013): arch=40000003 syscall=10 success=yes exit=0 a0=910d2c0 a1=8ec390 a2=5dea21c a3=90ee230 items=0 ppid=1 pid=2204 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

-----------------------------------------------------------
ls -lZ /var/lib/gdm

Are you using gdm? lxdm? kdm?
[root@callisto ~]# ls -lZ /var/lib/gdm
[root@callisto ~]# ls -ld /var/lib/gdm
drwxrwx--T. 10 gdm gdm 4096 2010-05-12 09:37 /var/lib/gdm

Related processes:

2027 ? Ss 0:00 /usr/sbin/gdm-binary -nodaemon
2087 ? S 0:00 /usr/libexec/gdm-simple-slave --display-id /org/gnome/DisplayManager/Display1 --force-active-vt
2089 tty1 Ss+ 14:24 /usr/bin/Xorg :0 -nr -verbose -auth /var/run/gdm/auth-for-gdm-KbYZl0/database -nolisten tcp vt1
I want to know what context it has.

ls -lZd /var/lib/gdm

run

restorecon -v /var/lib/gdm
[root@callisto ~]# ls -lZd /var/lib/gdm
drwxrwx--T. gdm gdm system_u:object_r:xdm_var_lib_t:s0 /var/lib/gdm
[root@callisto ~]# restorecon -v /var/lib/gdm
[root@callisto ~]# ls -lZd /var/lib/gdm
drwxrwx--T. gdm gdm system_u:object_r:xdm_var_lib_t:s0 /var/lib/gdm
Ok, can you turn on full auditing so we can get the full path.

Can you

# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules

And reboot. We should get the full path of the file.

Grab the avc with

ausearch -m avc -ts recent

Remove this line to turn off full auditing.
[root@callisto ~]# ausearch -m avc -ts recent
----
time->Thu May 13 15:12:26 2010
type=PATH msg=audit(1273752746.950:43): item=2 name=(null) inode=1179890 dev=08:01 mode=0140755 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=PATH msg=audit(1273752746.950:43): item=1 name=(null) inode=1181056 dev=08:01 mode=040700 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=PATH msg=audit(1273752746.950:43): item=0 name=(null) inode=1181056 dev=08:01 mode=040700 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=SOCKADDR msg=audit(1273752746.950:43): saddr=01002F7661722F6C69622F67646D2F2E70756C73652F64393837303136356662353839383738316433306130636634623130366632622D72756E74696D652F6E6174697665
type=SOCKETCALL msg=audit(1273752746.950:43): nargs=3 a0=1b a1=bf8f4ffe a2=45
type=SYSCALL msg=audit(1273752746.950:43): arch=40000003 syscall=102 success=yes exit=0 a0=2 a1=bf8f4fa0 a2=5dea21c a3=1b items=3 ppid=2229 pid=2231 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752746.950:43): avc: denied { create } for pid=2231 comm="pulseaudio" name="native" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
----
time->Thu May 13 15:12:26 2010
type=PATH msg=audit(1273752746.951:44): item=0 name="/var/lib/gdm/.pulse/d9870165fb5898781d30a0cf4b106f2b-runtime/native" inode=1179890 dev=08:01 mode=0140755 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=CWD msg=audit(1273752746.951:44): cwd="/"
type=SYSCALL msg=audit(1273752746.951:44): arch=40000003 syscall=15 success=yes exit=0 a0=86e0808 a1=1ff a2=5dea21c a3=1b items=1 ppid=2229 pid=2231 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752746.951:44): avc: denied { setattr } for pid=2231 comm="pulseaudio" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
----
time->Thu May 13 15:12:27 2010
type=PATH msg=audit(1273752747.085:45): item=0 name=(null) inode=1179890 dev=08:01 mode=0140777 ouid=42 ogid=476 rdev=00:00 obj=system_u:object_r:var_lib_t:s0
type=SOCKADDR msg=audit(1273752747.085:45): saddr=01002F7661722F6C69622F67646D2F2E70756C73652F64393837303136356662353839383738316433306130636634623130366632622D72756E74696D652F6E61746976650000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SOCKETCALL msg=audit(1273752747.085:45): nargs=3 a0=8 a1=b2c2febe a2=6e
type=SYSCALL msg=audit(1273752747.085:45): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=b2c2fdc0 a2=5dea21c a3=0 items=1 ppid=2185 pid=2227 auid=4294967295 uid=42 gid=476 euid=42 suid=42 fsuid=42 egid=476 sgid=476 fsgid=476 tty=(none) ses=4294967295 comm="canberra-gtk-pl" exe="/usr/bin/canberra-gtk-play" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1273752747.085:45): avc: denied { write } for pid=2227 comm="canberra-gtk-pl" name="native" dev=sda1 ino=1179890 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file
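
Added example, not part of the original thread and not code from the audit or SELinux tools: in the output above only one PATH record names the socket, while the SOCKADDR records carry the same path hex-encoded in saddr. The Python below groups records by audit event id and recovers the full path for each AVC denial; the helper names decode_saddr and resolve_avc_paths are hypothetical, and the sample records are the ones above trimmed to the fields the parser reads.

```python
import re
from collections import defaultdict

AF_UNIX = 1
REC = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)")

def decode_saddr(hexstr):
    """Return the socket path held in an audit SOCKADDR saddr field, or None."""
    raw = bytes.fromhex(hexstr)
    if int.from_bytes(raw[:2], "little") != AF_UNIX:  # sa_family, little-endian on x86
        return None
    path = raw[2:]
    if path[:1] == b"\0":  # abstract socket: no file on disk, so no file label
        return "@" + path[1:].rstrip(b"\0").decode(errors="replace")
    return path.split(b"\0", 1)[0].decode(errors="replace")  # drop NUL padding

def resolve_avc_paths(lines):
    """Group records by event id and attach a full path to every AVC denial."""
    events = defaultdict(dict)
    for line in lines:
        m = REC.search(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        ev = events[event_id]
        if rtype == "AVC":
            ev["perms"] = re.search(r"\{ ([^}]*) \}", body).group(1).split()
            ev["tcontext"] = re.search(r"tcontext=(\S+)", body).group(1)
        elif rtype == "SOCKADDR":
            ev["path"] = decode_saddr(re.search(r"saddr=([0-9A-Fa-f]+)", body).group(1))
        elif rtype == "PATH":
            named = re.search(r'name="([^"]+)"', body)  # name=(null) carries no path
            if named:
                ev.setdefault("path", named.group(1))
    return {eid: (e["perms"], e.get("path"), e["tcontext"])
            for eid, e in events.items() if "perms" in e}

# Records from the ausearch output above, trimmed to the fields the parser reads.
SADDR = ("01002F7661722F6C69622F67646D2F2E70756C73652F"
         "6439383730313635666235383938373831643330613063663462313036663262"
         "2D72756E74696D652F6E6174697665")
TAIL = "tcontext=system_u:object_r:var_lib_t:s0 tclass=sock_file"
SAMPLE = [
    f"type=SOCKADDR msg=audit(1273752746.950:43): saddr={SADDR}",
    f'type=AVC msg=audit(1273752746.950:43): avc: denied {{ create }} for name="native" {TAIL}',
    'type=PATH msg=audit(1273752746.951:44): item=0 name="/var/lib/gdm/.pulse/'
    'd9870165fb5898781d30a0cf4b106f2b-runtime/native" inode=1179890',
    f'type=AVC msg=audit(1273752746.951:44): avc: denied {{ setattr }} for name="native" {TAIL}',
    f"type=SOCKADDR msg=audit(1273752747.085:45): saddr={SADDR}{'00' * 41}",  # NUL-padded
    f'type=AVC msg=audit(1273752747.085:45): avc: denied {{ write }} for name="native" {TAIL}',
]

if __name__ == "__main__":
    for eid, (perms, path, tcontext) in resolve_avc_paths(SAMPLE).items():
        print(eid, perms, path, tcontext)
```

All three denials resolve to the same socket under /var/lib/gdm/.pulse, labelled var_lib_t even though /var/lib/gdm itself is xdm_var_lib_t.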
Are you still seeing this issue with the latest F-12 selinux-policy? If yes, please reopen the bug.
This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
(In reply to comment #12)
> Are you still seeing this issue with the latest F-12 selinux-policy? If yes,
> please reopen the bug.

Unfortunately I do not have Fedora 12 around any more, so cannot easily test with it. I do not see similar errors in Fedora 13 at least not in the last time.