Bug 634699 - SELinux is preventing /usr/bin/mpd "connectto" access on @/tmp/.X11-unix/X0.
Summary: SELinux is preventing /usr/bin/mpd "connectto" access on @/tmp/.X11-unix...
Keywords:
Status: CLOSED DUPLICATE of bug 667353
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:d0e4b7fb8d1...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-09-16 18:26 UTC by ssabchew
Modified: 2011-01-06 14:05 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-01-06 14:05:44 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description ssabchew 2010-09-16 18:26:15 UTC 
Summary:

SELinux is preventing /usr/bin/mpd "connectto" access on @/tmp/.X11-unix/X0.

Detailed Description:

[mpd has a permissive type (mpd_t). This access was not denied.]

SELinux denied access requested by mpd. It is not expected that this access is
required by mpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:mpd_t:s0
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                @/tmp/.X11-unix/X0 [ unix_stream_socket ]
Source                        mpd
Source Path                   /usr/bin/mpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           mpd-0.15.11-1.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-54.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.34.6-54.fc13.x86_64 #1 SMP Sun Sep 5 17:16:27
                              UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 12 Sep 2010 02:06:23 PM EEST
Last Seen                     Sun 12 Sep 2010 02:06:23 PM EEST
Local ID                      581f6231-10ea-42ba-9921-d6d0b0dda0b7
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1284289583.380:38076): avc:  denied  { connectto } for  pid=14162 comm="mpd" path=002F746D702F2E5831312D756E69782F5830 scontext=unconfined_u:system_r:mpd_t:s0 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=(removed) type=SYSCALL msg=audit(1284289583.380:38076): arch=c000003e syscall=42 success=yes exit=0 a0=d a1=7fffb838dcc0 a2=14 a3=7fffb838d9b0 items=0 ppid=14161 pid=14162 auid=500 uid=473 gid=453 euid=473 suid=473 fsuid=473 egid=453 sgid=453 fsgid=453 tty=pts1 ses=1 comm="mpd" exe="/usr/bin/mpd" subj=unconfined_u:system_r:mpd_t:s0 key=(null)



Hash String generated from  catchall,mpd,mpd_t,xserver_t,unix_stream_socket,connectto
audit2allow suggests:

#============= mpd_t ==============
allow mpd_t xserver_t:unix_stream_socket connectto;
Comment 1 Daniel Walsh 2010-09-16 20:59:00 UTC 
Any idea why mpd is trying to connect to X?
Comment 2 Miroslav Grepl 2010-10-07 14:57:06 UTC 
Is MPD running under mpd user?
Comment 3 Fedora Admin XMLRPC Client 2010-11-08 21:49:40 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 4 Fedora Admin XMLRPC Client 2010-11-08 21:50:33 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 5 Fedora Admin XMLRPC Client 2010-11-08 21:51:46 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 6 Miroslav Grepl 2011-01-06 14:05:44 UTC 

*** This bug has been marked as a duplicate of bug 667353 ***
Note You need to log in before you can comment on or make changes to this bug.