Hi,
I comaintain synce (a framework to connect to PocketPC devices) in Fedora,
and since Fedora 7 it does not autoconnect the device when plugged in.
Autoconnection is done by an Udev rule :
# cat /etc/udev/rules.d/60-synce.rules
ACTION=="add", SUBSYSTEM=="usb_device", SYSFS{idVendor}=="0bb4",
SYSFS{idProduct}=="0a06", SYMLINK+="ipaq",
RUN+="/usr/bin/synce-serial-start"
synce-serial-start is a shell script that sources a
file: /usr/share/synce/synce-serial-common
On F7, I get AVC messages for getattr and read permissions from
synce-serial-start to this file:
type=AVC msg=audit(1180872169.345:3815): avc: denied { getattr } for
pid=31270 comm="synce-serial-st" name="synce-serial-common" dev=sda2
ino=438256 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC_PATH msg=audit(1180872169.345:3815):
path="/usr/share/synce/synce-serial-common"
type=AVC msg=audit(1180872169.345:3816): avc: denied { read } for
pid=31270 comm="synce-serial-st" name="synce-serial-common" dev=sda2
ino=438256 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:usr_t:s0 tclass=file
How should I label /usr/share/synce/synce-serial-common to allow access from
udev_t ?
And in general, how can I view which labels are allowed (and in which way)
for a given type ?
Thanks !
Aurélien
--
http://aurelien.bompard.org ~~~~ Jabber : abompard@xxxxxxxxx
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq' | dc
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
