Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 117369
Summary: | /dev/input/event* can be used as input (synaptics) but not mouse_t | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Nasrat <nobody+pnasrat> |
Component: | policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2 | CC: | aleksey |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 1.9.1-2 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-03-30 20:26:13 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 114961 |
Description
Paul Nasrat
2004-03-03 12:36:18 UTC
Note that gpm also has this problem if the evdev driver is used in gpm (which is included in the default distro, BTW). I would also like to see this problem fixed. Is this fixed by policy-1.9-1 No. In policy-1.9-3, the event devices are still not marked any special and I see: audit(1079743662.488:0): avc: denied { read } for pid=24211 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:device_t tclass=chr_file audit(1079743662.488:0): avc: denied { ioctl } for pid=24211 exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:device_t tclass=chr_file audit(1079743662.489:0): avc: denied { write } for pid=24211 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:device_t tclass=chr_file audit(1079743662.618:0): avc: denied { getattr } for pid=24211 exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:device_t tclass=chr_file I see that policy-1.9-3 has a event_device_t type. But if I manually add /u?dev/input/.*event.* -c system_u:object_r:event_device_t then X still is not allowed to access them: audit(1079743543.522:0): avc: denied { read } for pid=23815 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:event_device_t tclass=chr_file audit(1079743543.522:0): avc: denied { ioctl } for pid=23815 exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:event_device_t tclass=chr_file audit(1079743543.522:0): avc: denied { write } for pid=23815 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:event_device_t tclass=chr_file audit(1079743546.735:0): avc: denied { getattr } for pid=23815 exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:event_device_t tclass=chr_file audit(1079743629.754:0): avc: denied { read } for pid=24005 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t tcontext=system_u:object_r:event_device_t tclass=chr_file Fixed with policy-sources-1.9.1-2 |