Old 06-21-2010, 10:42 AM
"Christoph A."
 
Default sound within sandbox_web_t type and permissive type sandbox_web_client_t

Hi,

I can remember that while using F12 I had sound within sandbox_web_t
running firefox. Since I'm using F13 sound within the sandbox
disappeared and while running a sandbox I constantly (every 20 seconds)
get abrt notifications that pulseaudio crashed.

pulseaudio version:
pulseaudio-0.9.21-6.fc13


audit.log contains following lines:
type=ANOM_ABEND msg=audit(1277115690.389:210): auid=500 uid=500 gid=500
ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c633,c897
pid=5913 comm="pulseaudio" sig=6
type=ANOM_ABEND msg=audit(1277115695.613:211): auid=500 uid=500 gid=500
ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c633,c897
pid=5924 comm="pulseaudio" sig=6
type=ANOM_ABEND msg=audit(1277115700.998:212): auid=500 uid=500 gid=500
ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c633,c897
pid=5936 comm="pulseaudio" sig=6
type=ANOM_ABEND msg=audit(1277115706.240:213): auid=500 uid=500 gid=500
ses=1 subj=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c633,c897
pid=5947 comm="pulseaudio" sig=6
[...]

Is someone experiencing the same problem?
If needed I can add the pulseaudio abrt backtrace.


My second question also regarding sandboxes:

This is an AVC I frequently come across:
type=AVC msg=audit(1277029467.183:2147): avc: denied { read write } for
pid=3038 comm="gvfs-fuse-daemo" name="fuse" dev=devtmpfs ino=9048
scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c503,c936
tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file

The troubleshooter tells me that this type is running in permissive
mode. Is this supposed to be like that (default) or is this a
misconfiguration on my side?

[gvfs-fuse-daemo has a permissive type (sandbox_web_client_t). This
access was not denied.]

kind regards,
Christoph





--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 06-21-2010, 11:24 PM
"Christoph A."
 
Default sound within sandbox_web_t type and permissive type sandbox_web_client_t

On 06/21/2010 04:47 PM, Daniel J Walsh wrote:
> No, the setroubleshooter is wrong. What it should be telling you is that
> the syscall that generated the AVC did not get denied. The tool
> mistakenly sees this and assumes that the process was permissive. We
> need to fix setroubleshoot to check the permissive flag in policy if the
> success=yes flag is set.

Should I file a bugreport against this or is there already one?

> There is a bug report open on sound not working in F13 when run under
> sandbox. It seems to work on F14.
>
> Miroslav is working on this problem.

Nice to hear that someone is already taking care of that issue.
Could you point me to the bugreport?

kind regards,
Christoph

 
Old 06-22-2010, 12:27 PM
Daniel J Walsh
 
Default sound within sandbox_web_t type and permissive type sandbox_web_client_t

On 06/21/2010 07:24 PM, Christoph A. wrote:
> On 06/21/2010 04:47 PM, Daniel J Walsh wrote:
>> No, the setroubleshooter is wrong. What it should be telling you is that
>> the syscall that generated the AVC did not get denied. The tool
>> mistakenly sees this and assumes that the process was permissive. We
>> need to fix setroubleshoot to check the permissive flag in policy if the
>> success=yes flag is set.
>
> Should I file a bugreport against this or is there already one?
>
Yes
>> There is a bug report open on sound not working in F13 when run under
>> sandbox. It seems to work on F14.
>>
>> Miroslav is working on this problem.
>
> Nice to hear that someone is already taking care of that issue.
> Could you point me to the bugreport?
>
Miroslav responded with Bug #602768
> kind regards,
> Christoph
>

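The check described in the thread (consult the policy's permissive flag when success=yes, instead of inferring permissive from the syscall result), as an added example that is not part of the original thread and not setroubleshoot's code. The SYSCALL record in the sample is constructed, and `classify`, `permissive_types` and `enforcing` are hypothetical names; the caller is assumed to supply the permissive domains, for instance from `semanage permissive -l`.

```python
import re

# Constructed sample: the AVC from the post (line-wrapping undone) plus a
# SYSCALL record for the same event, which the post does not show.
SAMPLE = """\
type=AVC msg=audit(1277029467.183:2147): avc: denied { read write } for pid=3038 comm="gvfs-fuse-daemo" name="fuse" dev=devtmpfs ino=9048 scontext=unconfined_u:unconfined_r:sandbox_web_client_t:s0:c503,c936 tcontext=system_u:object_r:fuse_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1277029467.183:2147): arch=c000003e syscall=2 success=yes exit=4 pid=3038 comm="gvfs-fuse-daemo"
"""

# Records that share the "timestamp:serial" id belong to one audit event.
EVENT = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):(.*)$")


def classify(log_text, permissive_types, enforcing=True):
    """Return {event_id: verdict} for every event that has an AVC record.

    permissive_types: domains flagged permissive in the loaded policy
    (assumption: supplied by the caller, not read from the log).
    """
    events = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            rtype, event_id, body = m.groups()
            events.setdefault(event_id, {})[rtype] = body
    verdicts = {}
    for event_id, recs in events.items():
        if "AVC" not in recs:
            continue
        # scontext is user:role:type:level; the type is the third field.
        ctx = re.search(r"scontext=(\S+)", recs["AVC"]).group(1)
        domain = ctx.split(":")[2]
        ok = re.search(r"\bsuccess=(yes|no)", recs.get("SYSCALL", ""))
        if ok is None:
            verdicts[event_id] = "unknown: no SYSCALL record"
        elif ok.group(1) == "no":
            verdicts[event_id] = "denied"
        elif not enforcing:
            verdicts[event_id] = "not enforced: system in permissive mode"
        elif domain in permissive_types:
            verdicts[event_id] = f"not enforced: {domain} is a permissive domain"
        else:
            # success=yes alone does not prove the domain is permissive.
            verdicts[event_id] = f"syscall succeeded: {domain} is not permissive"
    return verdicts
```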
 

All times are GMT.
