Summary: | media-sound/pulseaudio - allow per-user pulseaudio daemon, allow thunderbird to start pulseaudio, and few small fixes | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | vespian <gentooorg> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | sec-policy r1 | ||
Package list: | Runtime testing required: | --- | |
Attachments: | Patch in git format-patch format |
Description
vespian
2013-03-01 10:49:08 UTC
Created attachment 340620 [details, diff]
Patch in git format-patch format
Stuff like the following should be best done through an interface: """ +pulseaudio_domtrans(user_t); +pulseaudio_signull(user_t); +pulseaudio_stream_connect(user_t); + +#User should be able to manage its daemon: +#user_t +manage_files_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t); +read_lnk_files_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t); +setattr_dirs_pattern(user_t,pulseaudio_home_t,pulseaudio_home_t); """ There is the pulseaudio_role() interface that is meant to allow user domains to use pulseaudio which includes most (all?) of the above, so perhaps all you need to do is call """ pulseaudio_role(user_r, user_t) """ and the same for staff? (In reply to comment #2) (...) Yeah, using interface is a better approach. I did not check for it earlier :( The problem is that if you use this interface: pulseaudio_role(user_r, user_t) pulseaudio_role(staff_r, staff_t) ,it results in a conflict: pulseaudio.te":232:ERROR 'duplicate filename transition for: filename_trans .pulse staff_t user_home_dir_t:dir' at token ';' on line 12211 or with more details: budrys targeted # pwd /var/tmp/portage/sec-policy/selinux-pulseaudio-9999/work/targeted budrys targeted # grep \"\.pulse\" ./tmp/pulseaudio.tmp ##### begin userdom_user_home_dir_filetrans(user_t,pulseaudio_home_t,dir,".pulse") depth: 2 type_transition user_t user_home_dir_t:dir pulseaudio_home_t ".pulse"; ##### end userdom_user_home_dir_filetrans(user_t,pulseaudio_home_t,dir,".pulse") depth: 1 ##### begin userdom_user_home_dir_filetrans(staff_t,pulseaudio_home_t,dir,".pulse") depth: 2 type_transition staff_t user_home_dir_t:dir pulseaudio_home_t ".pulse"; ##### end userdom_user_home_dir_filetrans(staff_t,pulseaudio_home_t,dir,".pulse") depth: 1 ##### begin userdom_user_home_dir_filetrans(pulseaudio_t,pulseaudio_home_t,dir,".pulse") depth: 1 type_transition pulseaudio_t user_home_dir_t:dir pulseaudio_home_t ".pulse"; ##### end userdom_user_home_dir_filetrans(pulseaudio_t,pulseaudio_home_t,dir,".pulse") depth: 0 ##### begin pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client,dir,".pulse") depth: 1 ##### begin userdom_user_home_dir_filetrans(pulseaudio_client,pulseaudio_home_t,dir,".pulse") depth: 2 type_transition pulseaudio_client user_home_dir_t:dir pulseaudio_home_t ".pulse"; ##### end userdom_user_home_dir_filetrans(pulseaudio_client,pulseaudio_home_t,dir,".pulse") depth: 1 ##### end pulseaudio_home_filetrans_pulseaudio_home(pulseaudio_client,dir,".pulse") depth: 0 IMO we can remove offending rule and take Fedoras approach - modify the userdom_base_user_template granting all the users access to pulseaudio. What do you think ? I can try to prepare the patches. pr (In reply to comment #3) ...or we can try to use pulseaudio_domtrans. The same effect but without conflicts. This way or another I think that there should be a permission for user domains to start and use the pulseaudio daemon by default. pr That collision is, I think, a bug in the policy (which was merged by fedora to upstream). pulseaudio_role calls pulseaudio_run, which calls pulseaudio_domtrans, which marks the domain as a pulseaudio_client. However, pulseaudio_role also directly sets the userdom_user_home_dir_filetrans, which is already done because of the mapping towards the pulseaudio_client attribute. I'll doublecheck, but I'll probably remove the explicit userdom_user_home_dir_filetrans from the pulseaudio_role() interface. The file translations have been removed (also pushed upstream); the unprivuser (user_t) and staff (staff_t) now have pulseaudio_role set too. Fixed in repo, will be in rev 13 In main tree, ~arch'ed (20130424-r1 release) Now stable in repo |