Hide Forgot
Description of problem: The following commands raise avc alerts: gst-launch videotestsrc ! theoraenc ! dccpserversink gst-launch dccpclientsrc ! theoradec ! autovideosink Version-Release number of selected component (if applicable): Fedora 15 Beta - all updates. Always. Steps to Reproduce: 1. See above. Actual results: AVC alerts Expected results: The app is bound to the port and other can connect.
Created attachment 498825 [details] dccp_socket This might be terribly wrong but i think something like this should be implemented. Not sure.
Looks good to me, Dominick commit it.
Fabian what AVC's are you seeing?
---- time->Fri May 13 17:19:27 2011 type=SYSCALL msg=audit(1305299967.437:683): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=6 a2=21 a3=1 items=0 ppid=31858 pid=392 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305299967.437:683): avc: denied { create } for pid=392 comm="gst-launch-0.10" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dccp_socket ---- time->Fri May 13 17:21:16 2011 type=SYSCALL msg=audit(1305300076.077:691): arch=c000003e syscall=54 success=no exit=-13 a0=3 a1=1 a2=2 a3=7fffed38b21c items=0 ppid=31858 pid=468 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305300076.077:691): avc: denied { setopt } for pid=468 comm="gst-launch-0.10" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dccp_socket ---- time->Fri May 13 17:22:45 2011 type=SYSCALL msg=audit(1305300165.905:698): arch=c000003e syscall=49 success=no exit=-13 a0=3 a1=7fff16a1cce0 a2=10 a3=7fff16a1ccfc items=0 ppid=31858 pid=563 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305300165.905:698): avc: denied { bind } for pid=563 comm="gst-launch-0.10" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dccp_socket ---- after fiddling around a bit: ---- time->Fri May 13 17:32:40 2011 type=SYSCALL msg=audit(1305300760.952:712): arch=c000003e syscall=55 success=no exit=-13 a0=3 a1=10d a2=c a3=7fffd27f9a60 items=0 ppid=31858 pid=712 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305300760.952:712): avc: denied { getopt } for pid=712 comm="gst-launch-0.10" lport=5001 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dccp_socket ---- time->Fri May 13 17:42:28 2011 type=SYSCALL msg=audit(1305301348.641:759): arch=c000003e syscall=50 success=no exit=-13 a0=3 a1=5 a2=0 a3=7fffb9a13c9c items=0 ppid=31858 pid=1124 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts3 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305301348.641:759): avc: denied { listen } for pid=1124 comm="gst-launch-0.10" lport=5001 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dccp_socket ---- time->Fri May 13 17:47:21 2011 type=SYSCALL msg=audit(1305301641.165:761): arch=c000003e syscall=42 success=no exit=-13 a0=6 a1=7fff54838300 a2=10 a3=7fff548382fc items=0 ppid=1198 pid=1212 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=pts6 ses=32 comm="gst-launch-0.10" exe="/usr/bin/gst-launch-0.10" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305301641.165:761): avc: denied { name_connect } for pid=1212 comm="gst-launch-0.10" dest=5001 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket
Applied in selinux-policy-3.9.16-24.fc16