Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 236285 - alsactl getting an avc denial on resume
Summary: alsactl getting an avc denial on resume
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On: 236916 236918
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-04-12 20:35 UTC by Zack Cerza
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:16:59 UTC


Attachments (Terms of Use)

Description Zack Cerza 2007-04-12 20:35:28 UTC
Description of problem:
alsactl's getting an avc denial on resume.

This is a fresh install of yesterday's rawhide. Let me know if you need more info.

type=AVC msg=audit(1176407381.786:145): avc:  denied  { write } for  pid=18367
comm="alsactl" name="etc" dev=sda3 ino=229377
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir

drwxr-xr-x  root root system_u:object_r:etc_t          /etc

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.5.12-1.fc7

Comment 1 Daniel Walsh 2007-04-12 21:00:47 UTC
Any idea what it is trying to write?

Comment 2 Zack Cerza 2007-04-12 21:13:15 UTC
No idea. This appears to only happen on resume (from RAM, haven't tried disk)

Comment 3 Zack Cerza 2007-04-12 23:00:11 UTC
These two might offer more information.

avc: denied { create } for comm="alsactl" dev=sda3 egid=0 euid=0
exe="/sbin/alsactl" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state"
pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0
subj=system_u:system_r:hald_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0 

avc: denied { write } for comm="alsactl" dev=sda3 egid=0 euid=0
exe="/sbin/alsactl" exit=4096 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state"
path="/etc/asound.state" pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0
subj=system_u:system_r:hald_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0 

Comment 4 Martin Stransky 2007-04-13 05:37:12 UTC
It's right, /etc/asound.state is stored volume setting for soundcards and
/sbin/alsactl has to read/write/create it.

Comment 5 Daniel Walsh 2007-04-16 15:29:10 UTC
Any chance of getting this file into its own directory?  /etc/asound/asound.state?

Which apps read this file?

This file should be at least ghosted by alsa-utils



Comment 6 Martin Stransky 2007-04-17 06:58:58 UTC
No problem, I can move asound.state to /etc/asound. It's read only by alsactl.
So shall I move it there?

Comment 7 Daniel Walsh 2007-04-17 14:10:57 UTC
Yes if you move it there, I will create a new context for this directory and
allow hal to manipulate that directory.  This way I don't have to allow hal to
manipulate etc_t which includes /etc/passwd.



Comment 8 Daniel Walsh 2007-04-17 14:11:57 UTC
Do you know which hal script(s) manipulates alsactl?

Comment 9 Martin Stransky 2007-04-17 14:30:29 UTC
alsactl is run by init scripts, modprobe.conf (the install section for each
sound driver) and /sbin/salsa. 

So I'll create one utility for store/restore sound settings and this utility can
be called by scripts, no matter where the configuration is actually stored.

Comment 10 Martin Stransky 2007-04-18 12:59:55 UTC
The "salsa" utility was updated in alsa-utils-1.0.14-0.5.rc2.fc7.

We need to update initscripts (halt) and /etc/modprobe.conf with appropriate
configuration. 

We can use:
-----------

"/sbin/salsa -s"   - saves volume settings for all sound cards
"/sbin/salsa -s 1" - saves volume settings for the second sound card

"/sbin/salsa -l"   - loads/restores volume settings for all cards
"/sbin/salsa -l 1" - loads/restores volume settings for the second sound card



Comment 11 Martin Stransky 2007-04-18 13:11:13 UTC
Bug 236916 was filed for initscripts.

Comment 12 Martin Stransky 2007-04-18 13:28:50 UTC
Bug 236918 was filed against kudzu (for /etc/modprobe.conf).

Comment 13 Daniel Walsh 2007-05-17 16:17:01 UTC
Fixed in selinux-policy-2.6.4-5.fc7

Comment 14 Daniel Walsh 2007-08-22 14:16:59 UTC
Should be fixed in the current release



Note You need to log in before you can comment on or make changes to this bug.