udev/sound/alsa: needs to read /var/lib/alsa/asound.state (alsa_var_lib_t)
Tom London
selinux at gmail.com
Tue Sep 25 14:14:19 UTC 2007
Running latest rawhide, targeted enforcing.
Booting up, udev (90-alsa.rulles) runs /sbin/salsa to read
/var/lib/alsa/asound.state.
Get these in /var/log/messages:
Sep 25 06:48:13 localhost kernel: audit(1190728078.763:6): avc:
denied { read } for pid=1789 comm="salsa" name="asound.state"
dev=dm-0 ino=688429 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_var_lib_t:s0 tclass=file
Sep 25 06:55:25 localhost kernel: audit(1190728512.708:5): avc:
denied { getattr } for pid=1793 comm="salsa"
path="/var/lib/alsa/asound.state" dev=dm-0 ino=688429
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_var_lib_t:s0 tclass=file
tom
[Sorry if I incompletely reported this before, since policy now allows
directory to be read. There was a change in alsa-utils that mistakenly
moved 'salsa' to /bin/salsa, so I stopped gettting AVCs. alsa-utils
fixed now.]
--
Tom London
More information about the fedora-selinux-list
mailing list