996141 – SELinux is preventing /usr/sbin/usbmuxd from getattr access on the netlink_kobject_uevent_socket

Bug 996141 - SELinux is preventing /usr/sbin/usbmuxd from getattr access on the netlink_kobject_uevent_socket

Summary: SELinux is preventing /usr/sbin/usbmuxd from getattr access on the netlink_ko...

Keywords:
Status:	CLOSED DUPLICATE of bug 996294
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-08-12 13:42 UTC by Simon Sekidde
Modified:	2013-08-13 22:10 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-08-13 22:10:09 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Simon Sekidde 2013-08-12 13:42:40 UTC

Description of problem:

This AVC is generated when connecting an iPad via USB

Version-Release number of selected component (if applicable):

selinux-policy-3.12.1-69.fc19.noarch

Actual results:

[Enforcing] 

----
type=SYSCALL msg=audit(08/12/2013 08:47:48.588:128) : arch=x86_64 syscall=socket success=no exit=-13(Permission denied) a0=netlink a1=SOCK_RAW a2=xnet a3=0x173c600 items=0 ppid=1 pid=3155 auid=unset uid=usbmuxd gid=usbmuxd euid=usbmuxd suid=usbmuxd fsuid=usbmuxd egid=usbmuxd sgid=usbmuxd fsgid=usbmuxd ses=unset tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null) 
type=AVC msg=audit(08/12/2013 08:47:48.588:128) : avc:  denied  { create } for  pid=3155 comm=usbmuxd scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket 

#============= usbmuxd_t ==============
allow usbmuxd_t self:netlink_kobject_uevent_socket create;

[Permissive] 

----
type=SYSCALL msg=audit(08/12/2013 08:49:26.780:139) : arch=x86_64 syscall=socket success=yes exit=5 a0=netlink a1=SOCK_RAW a2=xnet a3=0x1b3d600 items=0 ppid=1 pid=3368 auid=unset uid=usbmuxd gid=usbmuxd euid=usbmuxd suid=usbmuxd fsuid=usbmuxd egid=usbmuxd sgid=usbmuxd fsgid=usbmuxd ses=unset tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null) 
type=AVC msg=audit(08/12/2013 08:49:26.780:139) : avc:  denied  { create } for  pid=3368 comm=usbmuxd scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket 
----
type=SYSCALL msg=audit(08/12/2013 08:49:26.781:140) : arch=x86_64 syscall=setsockopt success=yes exit=0 a0=0x5 a1=SOL_SOCKET a2=SO_ATTACH_FILTER a3=0x7fff1b4b00b0 items=0 ppid=1 pid=3368 auid=unset uid=usbmuxd gid=usbmuxd euid=usbmuxd suid=usbmuxd fsuid=usbmuxd egid=usbmuxd sgid=usbmuxd fsgid=usbmuxd ses=unset tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null) 
type=AVC msg=audit(08/12/2013 08:49:26.781:140) : avc:  denied  { setopt } for  pid=3368 comm=usbmuxd scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket 
----
type=SYSCALL msg=audit(08/12/2013 08:49:26.781:141) : arch=x86_64 syscall=bind success=yes exit=0 a0=0x5 a1=0x1b3e4c0 a2=0xc a3=0x7fff1b4b00b0 items=0 ppid=1 pid=3368 auid=unset uid=usbmuxd gid=usbmuxd euid=usbmuxd suid=usbmuxd fsuid=usbmuxd egid=usbmuxd sgid=usbmuxd fsgid=usbmuxd ses=unset tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null) 
type=AVC msg=audit(08/12/2013 08:49:26.781:141) : avc:  denied  { bind } for  pid=3368 comm=usbmuxd scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket 
----
type=SYSCALL msg=audit(08/12/2013 08:49:26.781:142) : arch=x86_64 syscall=getsockname success=yes exit=0 a0=0x5 a1=0x7fff1b4b1110 a2=0x7fff1b4b110c a3=0x7fff1b4b00b0 items=0 ppid=1 pid=3368 auid=unset uid=usbmuxd gid=usbmuxd euid=usbmuxd suid=usbmuxd fsuid=usbmuxd egid=usbmuxd sgid=usbmuxd fsgid=usbmuxd ses=unset tty=(none) comm=usbmuxd exe=/usr/sbin/usbmuxd subj=system_u:system_r:usbmuxd_t:s0 key=(null) 
type=AVC msg=audit(08/12/2013 08:49:26.781:142) : avc:  denied  { getattr } for  pid=3368 comm=usbmuxd scontext=system_u:system_r:usbmuxd_t:s0 tcontext=system_u:system_r:usbmuxd_t:s0 tclass=netlink_kobject_uevent_socket 

#============= usbmuxd_t ==============
allow usbmuxd_t self:netlink_kobject_uevent_socket { bind create setopt getattr };

Comment 1 Daniel Walsh 2013-08-12 13:57:58 UTC

commit 88ea30f1ecf6f361c7baa56305ec4ad8f38c1940 fixes this in git.

Comment 2 Daniel Walsh 2013-08-13 22:10:09 UTC


*** This bug has been marked as a duplicate of bug 996294 ***

Note You need to log in before you can comment on or make changes to this bug.