On 2/27/19 1:53 PM, mark wrote:
> On 02/27/19 04:10, Lukas Vrabec wrote:
>> On 2/26/19 9:55 PM, mark wrote:
>>>> Subject: Re: Policy issue: C7 and motion
>>>> Date: Tue, 26 Feb 2019 09:31:18 +0100
>>>> From: Lukas Vrabec <lvrabec@xxxxxxxxxx>
>>>> Organization: Red Hat, Inc.
>>>> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>>
>>>> On 2/25/19 7:20 PM, mark wrote:
>>>>
>>>>> Not sure who's package let an error slip in, but I don't believe I've
>>>>> had this issue before: SELinux is preventing /usr/bin/motion from map
>>>>> access on the chr_file /dev/video1
>>>>>
>>>>> Yes, that should be allowed by default.
>>>>
>>>> Yes, it should be allowed by default, but do you have raw AVCs related
>>>> to this issue?
>>>>
>>> type=AVC msg=audit(1551118810.099:136938): avc: denied { map } for
>>> pid=5076 comm="motion" path="/dev/video1" dev="devtmpfs" ino=27287
>>> scontext=system_u:system_r:motion_t:s0
>>> tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=1
>>>
>>> Does that help?
>>>
>>
>> Yes it helped. What version of Fedora are you using? I fixed this issue
>> here:
>> https://github.com/fedora-selinux/selinux-policy-contrib/commit/0b295220e86c4b154d4d969e2a5b0dc1607ebbb9
>>
>>
>> It should be fixed in Fedora28+
>>
> CentOS 7, not fedora.
>
Ok, that make sense, could you please create bugzilla? But best step
would be to allow it on your system by using custom local module.
Thanks,
Lukas.
> mark
--
Lukas Vrabec
Software Engineer, Security Technologies
Red Hat, Inc.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
