> -----Original Message----- > From: Zaman, Imran > Sent: Tuesday, December 16, 2014 4:57 AM > To: Whiteman, John L; Schaufler, Casey; [email protected] > Cc: Laako, Jussi > Subject: RE: SMACK Labels for /dev/snd/* > > Hi > > > Recently we have encountered an issue that if a PAM user session has > > PAM_TTY set as "tty1", then it sets appropriate smack labels for > /dev/snd/*. > > What label do the files get? > > > otherwise the smack labels are not set appropriately for any other > > value and the devices become inaccessible. > > What label do they get? What would you like it to be? > > When tty1 is used as PAM_TTY for use session then file access are as below > and works.. NOTE crw-rw----+
The "+" indicates there is an ACL on the file. The "*" is the Smack label. Everyone always has access to files with the "*" label. > root@ivi_box:~# ls -lZa /dev/snd/* > crw-rw----+ 1 root audio * 116, 0 Dec 15 15:38 /dev/snd/controlC0 > crw-rw----+ 1 root audio * 116, 32 Dec 15 15:38 /dev/snd/controlC1 > crw-rw----+ 1 root audio * 116, 4 Dec 15 15:38 /dev/snd/hwC0D0 > crw-rw----+ 1 root audio * 116, 6 Dec 15 15:38 /dev/snd/hwC0D2 > crw-rw----+ 1 root audio * 116, 24 Dec 15 07:43 /dev/snd/pcmC0D0c > crw-rw----+ 1 root audio * 116, 16 Dec 15 07:43 /dev/snd/pcmC0D0p > crw-rw----+ 1 root audio * 116, 26 Dec 15 15:38 /dev/snd/pcmC0D2c > crw-rw----+ 1 root audio * 116, 19 Dec 15 07:43 /dev/snd/pcmC0D3p > crw-rw----+ 1 root audio * 116, 23 Dec 15 07:43 /dev/snd/pcmC0D7p > crw-rw----+ 1 root audio * 116, 56 Dec 15 07:43 /dev/snd/pcmC1D0c > crw-rw----+ 1 root audio * 116, 48 Dec 15 07:43 /dev/snd/pcmC1D0p > crw-rw----+ 1 root audio * 116, 1 Dec 15 15:38 /dev/snd/seq > crw-rw----+ 1 root audio * 116, 33 Dec 15 15:38 /dev/snd/timer > > When tty1 is NOT used as PAM_TTY for use session then file access are as > below and DOESNT works.. NOTE crw-rw----. You still have the "*" Smack label. Smack isn't the problem. Hypotheses: The ACL on the files above explicitly allows access for the logged in user. Look at the ACL. > root@ivi_box:~# ls -lZa /dev/snd/* > crw-rw----. 1 root audio * 116, 0 Dec 16 2014 /dev/snd/controlC0 > crw-rw----. 1 root audio * 116, 32 Dec 16 2014 /dev/snd/controlC1 > crw-rw----. 1 root audio * 116, 4 Dec 16 2014 /dev/snd/hwC0D0 > crw-rw----. 1 root audio * 116, 6 Dec 16 2014 /dev/snd/hwC0D2 > crw-rw----. 1 root audio * 116, 24 Dec 16 2014 /dev/snd/pcmC0D0c > crw-rw----. 1 root audio * 116, 16 Dec 16 2014 /dev/snd/pcmC0D0p > crw-rw----. 1 root audio * 116, 26 Dec 16 2014 /dev/snd/pcmC0D2c > crw-rw----. 1 root audio * 116, 19 Dec 16 2014 /dev/snd/pcmC0D3p > crw-rw----. 1 root audio * 116, 23 Dec 16 2014 /dev/snd/pcmC0D7p > crw-rw----. 1 root audio * 116, 56 Dec 16 2014 /dev/snd/pcmC1D0c > crw-rw----. 1 root audio * 116, 48 Dec 16 2014 /dev/snd/pcmC1D0p > crw-rw----. 1 root audio * 116, 1 Dec 16 2014 /dev/snd/seq > crw-rw----. 1 root audio * 116, 33 Dec 16 2014 /dev/snd/timer > > BR > imran > > ---------------------------------------------------------------- > > Intel Finland Oy > > Registered Address: PL 281, 00181 Helsinki Business Identity Code: > > 0357606 - 4 Domiciled in Helsinki > > > > This e-mail and any attachments may contain confidential material for > > the sole use of the intended recipient(s). Any review or distribution > > by others is strictly prohibited. If you are not the intended > > recipient, please contact the sender and delete all copies. > > > > _______________________________________________ > > Dev mailing list > > [email protected] > > https://lists.tizen.org/listinfo/dev > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
