pam_console_t wants access to device_t:chr_file ?
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 13 18:43:07 UTC 2006
Tom London wrote:
> On 7/10/06, Tomas Mraz <tmraz at redhat.com> wrote:
>> On Sat, 2006-07-08 at 13:15 -0700, Tom London wrote:
>> > On 7/8/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> > Happens every time I boot. Appears to depend on the usb devices I
>> > have connected at the time (I have 2 'docks' for my laptop, so the USB
>> > setup is not the same).
>> >
>> > In this case, 'lsusb' says:
>> > Bus 005 Device 005: ID 04b8:010a Seiko Epson Corp. Perfection 1640SU
>> > Bus 005 Device 004: ID 0461:4d03 Primax Electronics, Ltd Kensington
>> > Mouse-in-a-box
>> > Bus 005 Device 002: ID 04b3:4484 IBM Corp.
>> > Bus 005 Device 001: ID 0000:0000
>> > Bus 002 Device 001: ID 0000:0000
>> > Bus 003 Device 003: ID 0483:2016 SGS Thomson Microelectronics
>> Fingerprint Reader
>> > Bus 003 Device 001: ID 0000:0000
>> > Bus 001 Device 001: ID 0000:0000
>> > Bus 004 Device 001: ID 0000:0000
>> >
>> > So I'm guessing usbdev5.5_ep* is pointing at this.
>>
>> It is the scanner device so it should have a scanner_device_t type.
>> pam_console_apply actually accesses /dev/usb/scanner* or /dev/scanner*
>> symlink which points to the device node.
>> --
>> Tomas Mraz <tmraz at redhat.com>
>>
> Here is the output from 'ls -lZ /dev/scanner*':
> lrwxrwxrwx root root system_u:object_r:device_t
> /dev/scanner-usbdev1.5 -> bus/usb/001/005
> lrwxrwxrwx root root system_u:object_r:device_t
> /dev/scanner-usbdev1.5_ep00 -> usbdev1.5_ep00
> lrwxrwxrwx root root system_u:object_r:device_t
> /dev/scanner-usbdev1.5_ep02 -> usbdev1.5_ep02
> lrwxrwxrwx root root system_u:object_r:device_t
> /dev/scanner-usbdev1.5_ep81 -> usbdev1.5_ep81
>
> All /dev/usbdev* files are labeled as device_t.
>
> tom
If I add the following
/dev/usbdev.* -c gen_context(system_u:object_r:usb_device_t,s0)
Will it fix the problem?
More information about the fedora-selinux-list
mailing list