Additional info: libreport version: 2.0.13 kernel: 3.5.3-1.fc17.x86_64 description: :SELinux is preventing /usr/bin/rhythmbox from read, write access on the blk_file sr0. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that rhythmbox should be allowed read write access on the sr0 blk_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep rhythmbox /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c : 0.c1023 :Target Context system_u:object_r:removable_device_t:s0 :Target Objects sr0 [ blk_file ] :Source rhythmbox :Source Path /usr/bin/rhythmbox :Port <Unknown> :Host (removed) :Source RPM Packages rhythmbox-2.97-1.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-146.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.3-1.fc17.x86_64 #1 SMP Wed Aug : 29 18:46:34 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen 2012-09-20 14:12:13 EEST :Last Seen 2012-09-20 14:12:13 EEST :Local ID e29dd7e4-dd53-428d-9b81-84379b87f7e6 : :Raw Audit Messages :type=AVC msg=audit(1348139533.16:337): avc: denied { read write } for pid=14309 comm="rhythmbox" name="sr0" dev="devtmpfs" ino=7324 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file : : :type=SYSCALL msg=audit(1348139533.16:337): arch=x86_64 syscall=open success=no exit=EACCES a0=215e230 a1=802 a2=7fffa91ecf4c a3=9 items=0 ppid=1 pid=14309 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=rhythmbox exe=/usr/bin/rhythmbox subj=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 key=(null) : :Hash: rhythmbox,mozilla_plugin_t,removable_device_t,blk_file,read,write : :audit2allow : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t removable_device_t:blk_file { read write }; : :audit2allow -R : :#============= mozilla_plugin_t ============== :allow mozilla_plugin_t removable_device_t:blk_file { read write }; :
Created attachment 614851 [details] File: type
Created attachment 614852 [details] File: hashmarkername
You will need to turn off the unconfined_mozilla_plugin_transition boolean using # setsebool -P unconfined_mozilla_plugin_transition 0
This looks like /dev/sr0 has the wrong label on it. matchpathcon /dev/sr0 /dev/sr0 system_u:object_r:removable_device_t:s0