Re: Access to cd device denied for cdp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Apr 28, 2004 at 05:53:16PM -0700, Andrew Farris wrote:
> From: Andrew Farris <fedora@xxxxxxxxxxxxxxxx>
> > Andrew Farris wrote:
> > 
> > >Playing a cd from the terminal using cdp, or cdplay (non-interactive),
> > >results in the following avc in permissive mode (but the cd is allowed
> > >to play):
> > >
> > >Apr 26 15:09:24 CirithUngol kernel: audit(1083017364.035:0): avc:
> > >denied  { ioctl } for  pid=10129 exe=/usr/bin/cdp path=/dev/hdc dev=hdb8
> > >ino=66203 scontext=user_u:user_r:user_t
> > >tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
> > >  

> > Please put in a bugzilla.  The problem is that /dev/hdc is labeled 
> > wrong.

> this is the solution.
> brw-rw-rw-+ root   disk   system_u:object_r:removable_device_t /dev/hdc
> 
> I will add this to bugzilla if not there already today.

Should there be some distinctions for removable media eventually i.e
"removable-rw-storage" or something reflecting a function....
USBflashstick, Floppy, iPod, tape, CDRW.

Match this with "removable-ro-storage" for things like music CDs, iPod
or other content in a "roach motel environment" where stuff might
check in but never check out ;-).  In the  the iPod case policy could
enforce read only.

With hotplug hardware I can see disk controlers and other removable
devices.

I know I am splitting a hair... 


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux