Bug 829691 - SELinux is preventing systemd-logind from 'open' accesses on the chr_file /dev/input/event0.
SELinux is preventing systemd-logind from 'open' accesses on the chr_file /de...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
i686 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-06-07 06:47 EDT by Frank Murphy
Modified: 2012-06-07 12:06 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-07 12:06:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frank Murphy 2012-06-07 06:47:35 EDT
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.5.0-0.rc1.git0.1.fc18.i686
time:           Thu 07 Jun 2012 11:46:52 IST

:SELinux is preventing systemd-logind from 'open' accesses on the chr_file /dev/input/event0.
:*****  Plugin catchall (100. confidence) suggests  ***************************
:If you believe that systemd-logind should be allowed open access on the event0 chr_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:allow this access for now by executing:
:# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:Additional Information:
:Source Context                system_u:system_r:systemd_logind_t:s0
:Target Context                system_u:object_r:event_device_t:s0
:Target Objects                /dev/input/event0 [ chr_file ]
:Source                        systemd-logind
:Source Path                   systemd-logind
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-128.fc17.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed)
:                              3.5.0-0.rc1.git0.1.fc18.i686 #1 SMP Sun Jun 3
:                              14:25:21 UTC 2012 i686 i686
:Alert Count                   2
:First Seen                    Thu 07 Jun 2012 11:38:38 IST
:Last Seen                     Thu 07 Jun 2012 11:44:34 IST
:Local ID                      d60a8f01-0ab8-42d1-b988-11262b3f7d36
:Raw Audit Messages
:type=AVC msg=audit(1339065874.497:453): avc:  denied  { open } for  pid=2095 comm="systemd-logind" path="/dev/input/event0" dev="devtmpfs" ino=6364 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file
:Hash: systemd-logind,systemd_logind_t,event_device_t,chr_file,open
:#============= systemd_logind_t ==============
:allow systemd_logind_t event_device_t:chr_file open;
:audit2allow -R
:#============= systemd_logind_t ==============
:allow systemd_logind_t event_device_t:chr_file open;
Comment 1 Frank Murphy 2012-06-07 06:50:46 EDT
grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol

has not prevent the alert from happening.
But cannot as yet see any negative effect from alert, only nuisance.
Comment 2 Daniel Walsh 2012-06-07 12:06:39 EDT
fixed in selinux-policy-3.11.0-1.fc18.noarch

Note You need to log in before you can comment on or make changes to this bug.