Re: Access to cd device denied for cdp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2004-04-28 at 11:57 -0400, Daniel J Walsh wrote:
> Andrew Farris wrote:
> 
> >Playing a cd from the terminal using cdp, or cdplay (non-interactive),
> >results in the following avc in permissive mode (but the cd is allowed
> >to play):
> >
> >Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
> >denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
> >ino=66203 scontext=user_u:user_r:user_t
> >tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
> >  
> >
> 
> Please put in a bugzilla.  The problem is that /dev/hdc is labeled 
> wrong.  It should have a label of removable_disk_device_t.
> The problem is there is currently no good way of determining what cdrom 
> disk is from a fixed disk, from a policy point of
> view.  We are investigating ideas around using kudzu to relabel the devices.
> 
> If you do a chcon -t removable_disk_device_t /dev/hdc
> does the problem go away?
> 
> Dan

> >I'm working with policy-sources-1.11.2-13.

Now working with policy-sources-1.11.2-18 and removable_disk_device_t is
not a valid argument to chcon, however removable_device_t is, and when I
relabel /dev/hdc such it does allow me to play the cd in enforcing mode,
this is the solution.
brw-rw-rw-+ root   disk   system_u:object_r:removable_device_t /dev/hdc

I will add this to bugzilla if not there already today.

-- 
Andrew Farris, CPE senior (California Polytechnic State University, SLO)
fedora@xxxxxxxxxxxxxxxx :: lmorgul on irc.freenode.net
"The only thing necessary for the triumph of evil is for good men
to do nothing." (Edmond Burke)


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux