gvfs-fuse-daemon throws read/write AVC for /dev/fuse

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Running rawhide, targeted/enforcing (selinux-policy-3.3.1-10.fc9.noarch)

Notice this in /var/log/audit/audit.log:

type=AVC msg=audit(1204736621.705:13): avc:  denied  { read write }
for  pid=2823 comm="gvfs-fuse-daemo" name="fuse" dev=tmpfs ino=2019
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1204736621.705:13): arch=40000003 syscall=5
success=no exit=-13 a0=9d9118 a1=8002 a2=0 a3=8002 items=0 ppid=1
pid=2823 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42
egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295
comm="gvfs-fuse-daemo" exe="/usr/libexec/gvfs-fuse-daemon"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

But, gvfs-fuse-daemon appears to be running in unconfined_t, why xdm_t?

[root@localhost ~]# ps agxZ | grep gvfs
unconfined_u:unconfined_r:unconfined_t 3130 ?  S      0:00 /usr/libexec/gvfsd
unconfined_u:unconfined_r:unconfined_t 3137 ?  Ssl    0:00
/usr/libexec//gvfs-fuse-daemon /home/tbl/.gvfs
unconfined_u:unconfined_r:unconfined_t 3144 ?  S      0:00
/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
unconfined_u:unconfined_r:unconfined_t 3155 ?  S      0:00
/usr/libexec/gvfsd-burn --spawner :1.8 /org/gtk/gvfs/exec_spaw/1
unconfined_u:unconfined_r:unconfined_t 3673 pts/0 S+   0:00 grep gvfs
[root@localhost ~]#

The AVC appears to occur after the CUPS LABEL_LEVEL_CHANGES audit
messages, but before the USER_AUTH from gdm-greeter.

Is this some sort of transition/timing issue?

tom
-- 
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux