Fedora 7 Alsa avc
by Bob Kashani
I'm getting this avc on F7 but audio seems to be working fine. But I
thought that I would report it anyway.
Relevant avc:
Jun 1 12:48:17 chaucer kernel: audit(1180727286.622:6): avc: denied
{ search } for pid=1076 comm="salsa" name="root" dev
=sda2 ino=940065 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:default_t:s0 tclass=dir
16 years, 11 months
- 1
- 0
Some enhancements for pam_namespace
by Tomas Mraz
I've implemented some enhancements for pam_namespace which can be used
for temporary logons. These enhancements were proposed by Dan Walsh.
Please review if you're interested.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241226
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=155825
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
16 years, 11 months
- 1
- 0
gnome-settings-daemon fails in strict policy at version 2301
by NZzi
i check out policy from svn at version 2301, and build at
FC7 Rawhide.
after switching from target to strict, i can not make my
gnome-settings-daemon work well:
###
the detail contexts is in thread:
http://marc.info/?l=selinux&m=118050940823692&w=2
###
i login as normal user through X window, but i got another
errors:
"Fails to execute program: /usr/libexec/gnome-settings-daemon"
corresponding avc were:
type=AVC msg=audit(1180319582.421:32): avc: denied { execute } for
pid=1855 comm="dbus-daemon" name="gnome-settings-daemon" dev=sda1
ino=215756 scontext=user_u:user_r:user_dbusd_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1180319582.421:32): avc: denied { execute_no_trans
} for pid=1855 comm="dbus-daemon" name="gnome-settings-daemon" dev=sda1
ino=215756 scontext=user_u:user_r:user_dbusd_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file
i add two template call in dbus_per_role_template() to remove these tow
errors:
corecmd_exec_bin($1_dbusd_t)
additionally, there are still another erros about gnome-settings-daemon:
type=AVC msg=audit(1180319581.037:31): avc: denied { search } for
pid=1844 comm="dbus-daemon" name="yangshao" dev=sda1 ino=1407785
scontext=user_u:user_r:user_dbusd_t:s0
tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
i user a interface to remove this denied error:
userdom_search_user_home_dirs($1,$1_dbusd_t)
(also in dbus_per_role_template())
after re-make and reboot, i got another errors:
"... /usr/libexec/gnome-settings-daemon received singal 6..."
it seemed that gnome-settings-daemon received SIGABRT signal, and i found
an avc denied messages:
type=AVC msg=audit(1180493663.406:31): avc: denied { getsched } for
pid=1856 comm="gnome-settings-" scontext=user_u:user_r:user_dbusd_t:s0
tcontext=user_u:user_r:user_dbusd_t:s0 tclass=process
so i permit getsched of user_dbusd_t to try to fix this "signal 6" errors:
allow $1_dbusd_t self:process { getattr sigkill signal getsched };
but after adding this, gnome-settings-daemon exit with status 1 after
rebooting, and some avc denied messages came out:
type=AVC msg=audit(1180494884.832:87): avc: denied { search } for
pid=2112 comm="gnome-settings-" name=".X11-unix" dev=sda1 ino=327976
scontext=user_u:user_r:user_dbusd_t:s0
tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
type=AVC msg=audit(1180494884.840:88): avc: denied { create } for
pid=2112 comm="gnome-settings-" scontext=user_u:user_r:user_dbusd_t:s0
tcontext=user_u:user_r:user_dbusd_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1180494884.840:89): avc: denied { name_connect }
for pid=2112 comm="gnome-settings-" dest=6000
scontext=user_u:user_r:user_dbusd_t:s0
tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
i wonder are these errors caused by my modification, and how to make the
gnome-settings-daemon work???
thanks in advance
16 years, 11 months
- 1
- 0