Bug 995521 - SELinux is preventing /usr/sbin/usbmuxd from 'create' accesses on the netlink_kobject_uevent_socket .
SELinux is preventing /usr/sbin/usbmuxd from 'create' accesses on the netlink...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
19
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
abrt_hash:967c63775983add63e8f382b297...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-09 11:25 EDT by Fabio Valentini
Modified: 2013-09-03 05:27 EDT (History)
18 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-03 05:27:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fabio Valentini 2013-08-09 11:25:43 EDT
Description of problem:
Steps to reproduce:

1. Attach iPod touch 4th gen, iOS 6
2. AVC denial happens

and: iPod filesystem and documents mount don't show up in nautilus, don't know if that is related to the AVC denial or another problem entirely.
SELinux is preventing /usr/sbin/usbmuxd from 'create' accesses on the netlink_kobject_uevent_socket .

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that usbmuxd should be allowed create access on the  netlink_kobject_uevent_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep usbmuxd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:usbmuxd_t:s0
Target Context                system_u:system_r:usbmuxd_t:s0
Target Objects                 [ netlink_kobject_uevent_socket ]
Source                        usbmuxd
Source Path                   /usr/sbin/usbmuxd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           usbmuxd-1.0.8-7.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-69.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.10.4-300.fc19.x86_64 #1 SMP Tue
                              Jul 30 11:29:05 UTC 2013 x86_64 x86_64
Alert Count                   2
First Seen                    2013-08-09 17:17:25 CEST
Last Seen                     2013-08-09 17:22:38 CEST
Local ID                      e5cb7584-5b1a-43b3-91b7-adf2cd809728

Raw Audit Messages
type=AVC msg=audit(1376061758.41:627): avc:  denied  { create } for  pid=3474 comm="usbmuxd" scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket


type=SYSCALL msg=audit(1376061758.41:627): arch=x86_64 syscall=socket success=no exit=EACCES a0=10 a1=80803 a2=f a3=2094600 items=0 ppid=1 pid=3474 auid=4294967295 uid=113 gid=113 euid=113 suid=113 fsuid=113 egid=113 sgid=113 fsgid=113 ses=4294967295 tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null)

Hash: usbmuxd,usbmuxd_t,usbmuxd_t,netlink_kobject_uevent_socket,create

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.4-300.fc19.x86_64
type:           libreport
Comment 1 Matthew Miller 2013-08-09 16:16:39 EDT
Description of problem:
Plugged in iPhone. Got AVC. That's pretty much it.

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.4-300.fc19.x86_64
type:           libreport
Comment 2 John Freed 2013-08-10 14:25:46 EDT
Description of problem:
Plugged in iPhone and AVC was generated

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.5-201.fc19.x86_64
type:           libreport
Comment 3 Miloslav Trmač 2013-08-13 14:18:12 EDT
Description of problem:
Plugged in an iPhone.

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.5-201.fc19.x86_64
type:           libreport
Comment 4 Daniel Walsh 2013-08-13 18:50:47 EDT
88ea30f1ecf6f361c7baa56305ec4ad8f38c1940 fixes this in git.
Comment 5 lennart_reuther 2013-08-17 07:17:35 EDT
Description of problem:
pluggin an iPhone with iOs4 and opened tethering via USB on the laptop

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.5-201.fc19.x86_64
type:           libreport
Comment 6 Jonathan Gazeley 2013-08-18 17:23:28 EDT
Description of problem:
Connected an iPhone 5 to the computer

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.6-200.fc19.x86_64
type:           libreport
Comment 7 E. Lewis 2013-08-19 18:13:07 EDT
Description of problem:
Pluggin in an iPhone. Plugging in this device worked previously. This is a recent regression.

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.6-200.fc19.i686
type:           libreport
Comment 8 Sam 2013-08-20 19:38:59 EDT
Description of problem:
Plugged in iphone

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.7-200.fc19.x86_64
type:           libreport
Comment 9 Adam 2013-08-24 15:26:33 EDT
Description of problem:
Apple Inc device blocked when connected to a USB port.  Required policy update:

require {
	type usbmuxd_t;
	class netlink_kobject_uevent_socket { bind create setopt getattr };
}

allow usbmuxd_t self:netlink_kobject_uevent_socket { bind create setopt getattr };

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.7-200.fc19.x86_64
type:           libreport
Comment 10 L.L.Robinson 2013-08-25 15:45:03 EDT
Description of problem:
I'm trying to use my iPhone as a USB network device

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.6-200.fc19.x86_64
type:           libreport
Comment 11 Jan Fluksa 2013-08-30 05:30:13 EDT
Description of problem:
Maybe after I plugged my iPhone to USB3

Additional info:
reporter:       libreport-2.1.6
hashmarkername: setroubleshoot
kernel:         3.10.7-200.fc19.i686.PAE
type:           libreport
Comment 12 Miroslav Grepl 2013-09-03 05:27:48 EDT
#============= usbmuxd_t ==============

#!!!! This avc is allowed in the current policy
allow usbmuxd_t self:netlink_kobject_uevent_socket create;

Note You need to log in before you can comment on or make changes to this bug.