On 9/25/07, Bill Nottingham <notting@xxxxxxxxxx> wrote:
> Tom London (selinux@xxxxxxxxx) said:
> > Running latest rawhide, targeted enforcing.
> >
> > Booting up, udev (90-alsa.rulles) runs /sbin/salsa to read
> > /var/lib/alsa/asound.state.
>
> Don't fix this in policy, that's just broken in alsa.
>
> You can't save mixer settings there, as /var may not be mounted when
> this runs. *Sigh*
>
> Bill
>
More 'sigh':
Booting in permissive mode now produces:
Oct 9 07:08:33 localhost kernel: audit(1191938899.844:3): avc:
denied { read } for pid=1553 comm="alsactl" name="asound.state"
dev=dm-0 ino=11076536 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
Oct 9 07:08:33 localhost kernel: audit(1191938899.844:4): avc:
denied { getattr } for pid=1553 comm="alsactl"
path="/etc/alsa/asound.state" dev=dm-0 ino=11076536
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file
Not 100% sure why this now is reported against alsactl (instead of
salsa); and shouldn't alsactl be running in 'alsa_t'?
I did make one change to 90-alsa.rules: I changed 'RUN+="/sbin/salsa"'
to RUN+="/sbin/salsa -l" on both ControlC* and pcm* lines. Not sure if
that 'broke something'.
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
