Bug 830583 - SELinux is preventing /usr/bin/pulseaudio from create access on the file autospawn.lock.
Summary: SELinux is preventing /usr/bin/pulseaudio from create access on the file auto...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: pulseaudio
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lennart Poettering
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-06-10 19:13 UTC by JC
Modified: 2013-08-01 03:07 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-01 03:07:53 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description JC 2012-06-10 19:13:12 UTC
Description of problem:
Selinux block pulseaudio accessing autospawn.lock this kills system volume control


Version-Release number of selected component (if applicable):

Fedora 17 LXDE spin

pulseaudio-1.1-9.fc17.x86_64

How reproducible:
Play youtube videos using flash player 11.1.102.55

Steps to Reproduce:
1. Play videos one after another
2. Get the selinux alert and lose system volume control
3.
  
Actual results:
Selinux alert and lose system volume control

Expected results:
Plays videos

Additional info:

SELinux is preventing /usr/bin/pulseaudio from create access on the file autospawn.lock.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that pulseaudio should be allowed create access on the autospawn.lock file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep autospawn /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c
                              0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                autospawn.lock [ file ]
Source                        autospawn
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          system
Source RPM Packages           pulseaudio-1.1-9.fc17.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-128.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     tower
Platform                      Linux system 3.4.0-1.fc17.x86_64 #1 SMP Sun Jun 3
                              06:35:17 UTC 2012 x86_64 x86_64
Alert Count                   2
First Seen                    Sun 10 Jun 2012 02:29:02 PM EDT
Last Seen                     Sun 10 Jun 2012 02:39:02 PM EDT
Local ID                      f6ebade4-6e16-4056-91b7-4c646226cf1e

Raw Audit Messages
type=AVC msg=audit(1339353542.127:88): avc:  denied  { create } for  pid=1792 comm="autospawn" name="autospawn.lock" scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1339353542.127:88): arch=x86_64 syscall=open success=no exit=EACCES a0=7fc8280009a0 a1=a0142 a2=180 a3=30d644947c items=0 ppid=1695 pid=1792 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=autospawn exe=/usr/bin/pulseaudio subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null)

Hash: autospawn,mozilla_plugin_t,user_home_t,file,create

audit2allowunable to open /sys/fs/selinux/policy:  Permission denied


audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied

Comment 1 Fedora End Of Life 2013-07-03 23:57:45 UTC
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 2 Fedora End Of Life 2013-08-01 03:07:57 UTC
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.