On 5/24/05, Tom London <selinux(a)gmail.com> wrote:
On 5/24/05, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> Tom London wrote:
>
> >Running strict/enforcing, latest rawhide.
> >
> >Get the following when logging in:
> >May 21 13:30:16 fedora gdm(pam_unix)[2946]: session opened for user tbl by (uid=0)
> >May 21 13:30:16 fedora kernel: audit(1116707416.740:0): avc: denied { write } for name=dmix.conf dev=hda2 ino=4523476 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
> >May 21 13:30:16 fedora ainit: Failed to open file /etc/alsa/pcm/dmix.conf
> >May 21 13:30:16 fedora ainit: Error: Permission denied
> >
> >The file in question is /etc/alsa/pcm/dmix.conf.
> >
> >/etc/alsa/ainit.conf has:
> >#
> ># overwrite target files, if exists
> >#
> >overwrite = yes
> >
> >#
> ># first config file - for dmix plugin
> >#
> >template_0 = /etc/alsa/pcm/dmix.template
> >target_0 = /etc/alsa/pcm/dmix.conf
> >target_root_file_0 = yes
> >
> >This seems less than perfect to me....
> >Should dmix.conf (and dsnoop.conf) be someplace else? Labeled as
> >xdm_rw_etc_t? (I don't know who else needs to read these files....)
> >
> >tom
> >
> >
> >
> Do you have any idea if xdm is actually trying to write this file, or
> could this just be they used the wrong flags when opening the file?
>
No idea.
I'll test tonight on my 'strict machine'.
tom
Running strict/permissive, I get this:
May 25 06:19:54 fedora gdm(pam_unix)[2695]: session opened for user tbl by (uid=0)
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { write } for pid=2739 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { add_name } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { create } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:19:54 fedora kernel: audit(1117027194.340:0): avc: denied { write } for pid=2739 comm="ainit" name=dmix.conf dev=hda2 ino=4522361 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:19:56 fedora gconfd (tbl-2801): starting (version 2.10.0), pid 2801 user 'tbl'
So it looks like xdm wants to really create/write this....
Logging out does this:
May 25 06:24:54 fedora gconfd (tbl-2801): Exiting
May 25 06:24:54 fedora gdm(pam_unix)[2695]: session closed for user tbl
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { write } for pid=3184 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { remove_name } for pid=3184 comm="ainit" name=dmix.conf.lock dev=hda2 ino=4522777 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { unlink } for pid=3184 comm="ainit" name=dmix.conf.lock dev=hda2 ino=4522777 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { unix_read unix_write } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { associate } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { destroy } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
tom
--
Tom London
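Daniel's question (is xdm really writing, or just opening with the wrong flags?) is one the AVC records themselves answer once the permission sets are pulled out of them per source domain, target type and object class, which is what audit2allow does: create/add_name/remove_name/unlink on etc_t are not a stray O_RDWR. The following is an added example, not code from the thread or from any project; it parses log lines constructed from the ones quoted above (re-joined onto one line each) and renders the folded permission sets as allow rules.

```python
import re
from collections import defaultdict

# Log lines constructed from the ones quoted in this thread, re-joined onto one line each
# (the mail client wrapped them); the gdm line is there to show non-AVC lines are skipped.
SAMPLE_LOG = """\
May 25 06:19:54 fedora gdm(pam_unix)[2695]: session opened for user tbl by (uid=0)
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { write } for pid=2739 comm="ainit" name=pcm dev=hda2 ino=4524122 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { add_name } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:19:54 fedora kernel: audit(1117027194.325:0): avc: denied { create } for pid=2739 comm="ainit" name=dmix.conf scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=file
May 25 06:24:54 fedora kernel: audit(1117027494.313:0): avc: denied { remove_name } for pid=3184 comm="ainit" name=dmix.conf.lock dev=hda2 ino=4522777 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:etc_t tclass=dir
May 25 06:24:54 fedora kernel: audit(1117027494.349:0): avc: denied { unix_read unix_write } for pid=3184 comm="ainit" key=1947154681 scontext=system_u:system_r:xdm_t tcontext=tbl:staff_r:staff_t tclass=shm
"""

# Shape of the kernel AVC record as it appears in the thread: "avc: denied { perms } for
# <key=value ...> scontext=<ctx> tcontext=<ctx> tclass=<class>".
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*?)"
    r"\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_avc(line):
    """Return the denial's pieces as a dict, or None when the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {
        "perms": set(m.group("perms").split()),
        "comm": fields.get("comm", "").strip('"'),    # process name, e.g. ainit
        "name": fields.get("name"),                    # object name, e.g. dmix.conf
        "sdomain": m.group("scontext").split(":")[2],  # user:role:type -> the type
        "ttype": m.group("tcontext").split(":")[2],
        "tclass": m.group("tclass"),
    }

def summarize(lines):
    """Fold denials into {(source domain, target type, class): set of permissions}."""
    summary = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is not None:
            summary[(rec["sdomain"], rec["ttype"], rec["tclass"])] |= rec["perms"]
    return dict(summary)

def to_te_rules(summary):
    """Render the summary as the allow rules a policy writer would review (audit2allow style)."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(summary.items())]
```

`to_te_rules(summarize(SAMPLE_LOG.splitlines()))` yields three rules to review, not to load as-is: in a case like this one the answer may be that the generated files belong under a type xdm_t may already write, as Tom suggests, rather than that xdm_t gains write on etc_t.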