Well, something tells me this relates to switching from unconfined to confined.
Could reproduce it, but could you create a staff_u user, reboot and log in?
Also Milos,
could all your testing be done with
-w /etc/shadow -p wa
in the audit.rules file.
It's interesting. When a newly created staff_u user logs in via GDM, no AVCs appear. When an old staff_u user logs in, the AVC appears. Not sure why this happens.
As I said, this is caused by switching a user which was logged in as unconfined_t to staff_t and pulseaudio was running as unconfined_t for the same user.
Additional Information:

Source Context                staff_u:staff_r:pulseaudio_t:s0
Target Context                system_u:object_r:tmp_t:s0
Target Objects                (null) [ dir ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          rhel62
Source RPM Packages           pulseaudio-0.9.21-13.el6
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-114.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     rhel62
Platform                      Linux rhel62 2.6.32-203.el6.i686 #1 SMP Tue Sep 27 11:34:16 EDT 2011 i686 i686
Alert Count                   1
First Seen                    Mon 03 Oct 2011 03:41:58 PM CEST
Last Seen                     Mon 03 Oct 2011 03:41:58 PM CEST
Local ID                      00414b5d-c57c-488d-91c9-beb351b9a542

Raw Audit Messages

type=AVC msg=audit(1317649318.936:2372): avc: denied { setattr } for pid=27735 comm="pulseaudio" name=".esd-503" dev=dm-0 ino=148750 scontext=staff_u:staff_r:pulseaudio_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

type=SYSCALL msg=audit(1317649318.936:2372): arch=i386 syscall=fchmod success=no exit=EACCES a0=f a1=1c0 a2=c01400 a3=9bf5c80 items=1 ppid=27731 pid=27735 auid=503 uid=503 gid=505 euid=503 suid=503 fsuid=503 egid=505 sgid=505 fsgid=505 tty=(none) ses=88 comm=pulseaudio exe=/usr/bin/pulseaudio subj=staff_u:staff_r:pulseaudio_t:s0 key=(null)

type=PATH msg=audit(1317649318.936:2372): item=0 name=(null) inode=148750 dev=fd:00 mode=040700 ouid=503 ogid=505 rdev=00:00 obj=system_u:object_r:tmp_t:s0

Hash: pulseaudio,pulseaudio_t,tmp_t,dir,setattr

audit2allow

#============= pulseaudio_t ==============
allow pulseaudio_t tmp_t:dir setattr;

audit2allow -R

#============= pulseaudio_t ==============
allow pulseaudio_t tmp_t:dir setattr;
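An added example, not part of the bug report or of any Red Hat tool: a short Python parser that reads the AVC and SYSCALL records quoted above, rebuilds the rule printed under audit2allow, and decodes the hex a1 argument of the denied fchmod call into the mode pulseaudio requested. The function names are made up for this illustration, and the two sample strings are copied from the report with the SYSCALL record shortened.

```python
import re

# Records copied from the report above (event 1317649318.936:2372);
# the SYSCALL record is truncated after uid= for brevity.
AVC = ('type=AVC msg=audit(1317649318.936:2372): avc: denied { setattr } for '
       'pid=27735 comm="pulseaudio" name=".esd-503" dev=dm-0 ino=148750 '
       'scontext=staff_u:staff_r:pulseaudio_t:s0 '
       'tcontext=system_u:object_r:tmp_t:s0 tclass=dir')
SYSCALL = ('type=SYSCALL msg=audit(1317649318.936:2372): arch=i386 '
           'syscall=fchmod success=no exit=EACCES a0=f a1=1c0 a2=c01400 '
           'a3=9bf5c80 items=1 ppid=27731 pid=27735 auid=503 uid=503')

def parse_avc(line):
    """Split one AVC denial into its permission list and key=value fields."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC denial record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    rec = {key: value.strip('"') for key, value in pairs}
    rec["perms"] = m.group(1).split()
    return rec

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: " + context)
    return parts[2]

def allow_rule(rec):
    """Build the type-enforcement rule that matches this denial."""
    perms = rec["perms"]
    perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (se_type(rec["scontext"]),
                                   se_type(rec["tcontext"]),
                                   rec["tclass"], perm)

def fchmod_mode(syscall_line):
    """The audit log prints syscall arguments in hex; a1 of fchmod is the mode."""
    a1 = re.search(r'\ba1=([0-9a-f]+)', syscall_line).group(1)
    return oct(int(a1, 16))

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec["name"], "->", allow_rule(rec))
    print("requested mode:", fchmod_mode(SYSCALL))
```

The decoded mode is 0700, the same permission bits the PATH record already shows for the directory (mode=040700), so the denied call was not asking for wider access to .esd-503.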