Bug#428464: alsa SELinux errors during boot

Mon, 11 Jun 2007 16:03:57 -0700 

Package: selinux-policy-refpolicy-targeted
Version: 0.0.20070507-5
Severity: normal


I get the following errors during boot, when udev loads the alsa drivers and
runs /etc/init.d/alsa-utils:
Jun 10 13:36:47 tiberius kernel: audit(1181478929.356:5): avc:  denied  {
getattr } for  pid=793 comm="alsa-utils" name="asound.state" dev=hda7
ino=908558 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Jun 10 13:36:47 tiberius kernel: audit(1181478929.669:6): avc:  denied  {
read } for  pid=796 comm="alsactl" name="asound.state" dev=hda7 ino=908558
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Jun 10 13:36:47 tiberius kernel: audit(1181478929.812:7): avc:  denied  {
getattr } for  pid=796 comm="alsactl" name="alsa.conf" dev=hda7 ino=182943
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:usr_t:s0 tclass=file
Jun 10 13:36:47 tiberius kernel: audit(1181478929.815:8): avc:  denied  {
read } for  pid=796 comm="alsactl" name="alsa.conf" dev=hda7 ino=182943
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:usr_t:s0 tclass=file

Note that Debian has moved /etc/asound.state to /var/lib/alsa/asound.state.
Setting this file's context to system_u:object_r:etc_runtime_t:s0, what the
reference policy sets for /etc/asound.state, makes the first two errors go
away.  I don't know if that is the correct solution, or if it should have
its own type.

alsa.conf lives not in /etc but in /usr/share/alsa, upstream as well as in
Debian.  There is no reference to it in the reference policy.


--- System information. ---
Architecture: amd64
Kernel:       Linux 2.6.21

Debian Release: lenny/sid
  990 unstable        www.debian-multimedia.org
  990 unstable        ftp.ie.debian.org
  990 unstable        ftp.heanet.ie
  990 unstable        ftp-uxsup.csx.cam.ac.uk
    1 experimental    ftp.ie.debian.org
    1 experimental    ftp-uxsup.csx.cam.ac.uk

--- Package information. ---
Depends                   (Version) | Installed
===================================-+-================
policycoreutils                     | 2.0.16-1
libpam-modules      (>= 0.77-0.se5) | 0.79-4
python                              | 2.4.4-6
libselinux1              (>= 2.0.7) | 2.0.15-2


-- 
Martin Orr


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to