Playing a cd from the terminal using cdp, or cdplay (non-interactive),
results in the following avc in permissive mode (but the cd is allowed
to play):
Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
denied { ioctl } for pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
ino=66203 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
This is not audited in enforcing mode.. but does not work either
(program exits with "please chmod 666 /dev/cdrom as root").
/dev/cdrom is symlinked directly to /dev/hdc.
4.0K lrwxrwxrwx 1 0 0 8 Mar 29 17:26 /dev/cdrom -> /dev/hdc
4.0K brw-rw-rw- 1 0 6 22, 0 Feb 23 13:02 /dev/hdc
Is this expected, or desired behavior? Shouldn't a locally logged in
user be allowed access to audio cds? (perhaps should be -or is- tunable)
I'm working with policy-sources-1.11.2-13.
--
Andrew Farris, CPE senior (California Polytechnic State University, SLO)
fedora@xxxxxxxxxxxxxxxx :: lmorgul on irc.freenode.net
"The only thing necessary for the triumph of evil is for good men
to do nothing." (Edmond Burke)
