Bug 742985 - SELinux is preventing /usr/bin/pulseaudio from setattr access on the directory (null).
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.2
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2011-10-03 13:56 UTC by Milos Malik
Modified: 2011-10-03 15:23 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-10-03 15:23:18 UTC

Description Milos Malik 2011-10-03 13:56:37 UTC
Additional Information:
Source Context                staff_u:staff_r:pulseaudio_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                (null) [ dir ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          rhel62
Source RPM Packages           pulseaudio-0.9.21-13.el6
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-114.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rhel62
Platform                      Linux rhel62 2.6.32-203.el6.i686 #1 SMP Tue Sep 27
                              11:34:16 EDT 2011 i686 i686
Alert Count                   1
First Seen                    Mon 03 Oct 2011 03:41:58 PM CEST
Last Seen                     Mon 03 Oct 2011 03:41:58 PM CEST
Local ID                      00414b5d-c57c-488d-91c9-beb351b9a542

Raw Audit Messages
type=AVC msg=audit(1317649318.936:2372): avc:  denied  { setattr } for  pid=27735 comm="pulseaudio" name=".esd-503" dev=dm-0 ino=148750 scontext=staff_u:staff_r:pulseaudio_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir


type=SYSCALL msg=audit(1317649318.936:2372): arch=i386 syscall=fchmod success=no exit=EACCES a0=f a1=1c0 a2=c01400 a3=9bf5c80 items=1 ppid=27731 pid=27735 auid=503 uid=503 gid=505 euid=503 suid=503 fsuid=503 egid=505 sgid=505 fsgid=505 tty=(none) ses=88 comm=pulseaudio exe=/usr/bin/pulseaudio subj=staff_u:staff_r:pulseaudio_t:s0 key=(null)

type=PATH msg=audit(1317649318.936:2372): item=0 name=(null) inode=148750 dev=fd:00 mode=040700 ouid=503 ogid=505 rdev=00:00 obj=system_u:object_r:tmp_t:s0

Hash: pulseaudio,pulseaudio_t,tmp_t,dir,setattr

audit2allow

#============= pulseaudio_t ==============
allow pulseaudio_t tmp_t:dir setattr;

audit2allow -R

#============= pulseaudio_t ==============
allow pulseaudio_t tmp_t:dir setattr;

Comment 1 Milos Malik 2011-10-03 14:00:19 UTC
How to Reproduce:
1) create a staff_u user
2) set a password for the staff_u user
3) log in as the staff_u user via GDM

Comment 2 Miroslav Grepl 2011-10-03 14:13:16 UTC
Well, something tells me this relates to switching from unconfined to confined.

Could reproduce it, but could you create a staff_u user, reboot and log in?


Also Milos,
could all your testing be done with

-w /etc/shadow -p wa

in the audit.rules file.

Comment 4 Milos Malik 2011-10-03 14:33:01 UTC
It's interesting. When a newly created staff_u user logs in via GDM, no AVCs appear. When an old staff_u user logs in, the AVC appears. Not sure why this happens.

Comment 5 Miroslav Grepl 2011-10-03 14:39:20 UTC
As I said, this is caused by switching a user who was logged in as unconfined_t to staff_t, and pulseaudio was running as unconfined_t for the same user.

Comment 6 Milos Malik 2011-10-03 14:52:10 UTC
That's possible. So we close the bug.
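
Added example (not part of the original bug report and not Red Hat tooling): a short Python script that groups the three audit records from the description by event serial and summarises the denial. The `stale_label_candidate` flag is a triage heuristic assumed for this example, following Comment 5's explanation that the directory dates from a session in a different domain; `parse_events` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# The three records of audit event 2372, copied from the description above.
SAMPLE = """\
type=AVC msg=audit(1317649318.936:2372): avc:  denied  { setattr } for  pid=27735 comm="pulseaudio" name=".esd-503" dev=dm-0 ino=148750 scontext=staff_u:staff_r:pulseaudio_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1317649318.936:2372): arch=i386 syscall=fchmod success=no exit=EACCES a0=f a1=1c0 a2=c01400 a3=9bf5c80 items=1 ppid=27731 pid=27735 auid=503 uid=503 gid=505 euid=503 suid=503 fsuid=503 egid=505 sgid=505 fsgid=505 tty=(none) ses=88 comm=pulseaudio exe=/usr/bin/pulseaudio subj=staff_u:staff_r:pulseaudio_t:s0 key=(null)
type=PATH msg=audit(1317649318.936:2372): item=0 name=(null) inode=148750 dev=fd:00 mode=040700 ouid=503 ogid=505 rdev=00:00 obj=system_u:object_r:tmp_t:s0
"""

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not an audit record
        rtype, _timestamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        perms = PERMS_RE.search(body)
        if perms:
            fields["perms"] = perms.group(1).split()
        events[int(serial)][rtype] = fields
    return dict(events)

def triage(event):
    """Summarise one denial from its AVC, SYSCALL and PATH records."""
    avc, sc, path = event["AVC"], event.get("SYSCALL", {}), event.get("PATH", {})
    src_type = avc["scontext"].split(":")[2]
    tgt_type = avc["tcontext"].split(":")[2]
    # Heuristic (assumption of this example): the process is denied on an
    # object its own user owns, and that object carries the generic tmp_t
    # type, so the label probably predates the current confined session.
    same_inode = path.get("inode") == avc.get("ino")
    own_object = "ouid" in path and path["ouid"] == sc.get("uid")
    return {
        "perms": avc["perms"], "syscall": sc.get("syscall"),
        "source_type": src_type, "target_type": tgt_type,
        "name": avc.get("name"), "tclass": avc.get("tclass"),
        "stale_label_candidate": same_inode and own_object and tgt_type == "tmp_t",
    }

if __name__ == "__main__":
    for serial, event in parse_events(SAMPLE).items():
        print(serial, triage(event))
```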