
Bug 463006

Summary: media-sound/pulseaudio - /dev/shm/pulse-shm-*files denials
Product: Gentoo Linux
Reporter: vespian <gentooorg>
Component: SELinux
Assignee: Sven Vermeulen (RETIRED) <swift>
Status: VERIFIED FIXED
Severity: normal
CC: selinux
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: sec-policy r1
Package list:
Runtime testing required: ---
Attachments: emerge --info output, pulseaudio_dev_shm.patch

Description vespian 2013-03-24 19:11:43 UTC
Pulseaudio seems to use /dev/shm/pulse-shm-* files as a means to manage shared memory between clients and the daemon. The problem is that clients create these files in their own *_tmpfs_t domains:

budrys ~ # ls -lZ /dev/shm/pulse-shm-* | sed -e 's/kamila/user_unpriv/g;s/vespian/user_admin/g'
-r--------. 1 user_admin user_admin staff_u:object_r:user_tmpfs_t:s0       67108904 03-24 19:06 /dev/shm/pulse-shm-1439935
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:user_tmpfs_t:s0        67108904 03-24 17:07 /dev/shm/pulse-shm-1819719118
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:thunderbird_tmpfs_t:s0 67108904 03-24 17:13 /dev/shm/pulse-shm-18736795
-r--------. 1 user_admin user_admin staff_u:object_r:pulseaudio_tmpfs_t:s0 67108904 03-24 19:32 /dev/shm/pulse-shm-2156878588
-r--------. 1 user_admin user_admin staff_u:object_r:user_tmpfs_t:s0       67108904 03-24 19:06 /dev/shm/pulse-shm-251102762
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:user_tmpfs_t:s0        67108904 03-24 17:07 /dev/shm/pulse-shm-2870943617
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:user_tmpfs_t:s0        67108904 03-24 17:07 /dev/shm/pulse-shm-3147715900
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:mozilla_tmpfs_t:s0     67108904 03-24 17:07 /dev/shm/pulse-shm-3632775165
-r--------. 1 user_admin user_admin staff_u:object_r:mplayer_tmpfs_t:s0    67108904 03-24 19:08 /dev/shm/pulse-shm-428873288
-r--------. 1 user_unpriv  user_unpriv  user_u:object_r:pulseaudio_tmpfs_t:s0  67108904 03-24 19:09 /dev/shm/pulse-shm-726701676
-r--------. 1 user_admin user_admin staff_u:object_r:user_tmpfs_t:s0       67108904 03-24 19:06 /dev/shm/pulse-shm-857495735

And this results in AVC denials for pulseaudio_t and client domains, which cannot exchange data:

type=AVC msg=audit(1363904774.418:2255): avc:  denied  { read } for  pid=9409 comm="plugin-containe" name="pulse-shm-3609188085" dev="tmpfs" ino=326515 scontext=user_u:user_r:mozilla_plugin_t:s0 tcontext=user_u:object_r:thunderbird_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.418:2255): avc:  denied  { open } for  pid=9409 comm="plugin-containe" path="/dev/shm/pulse-shm-3609188085" dev="tmpfs" ino=326515 scontext=user_u:user_r:mozilla_plugin_t:s0 tcontext=user_u:object_r:thunderbird_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.428:2258): avc:  denied  { read } for  pid=15550 comm="pulseaudio" name="pulse-shm-3722984048" dev="tmpfs" ino=447258 scontext=user_u:user_r:pulseaudio_t:s0 tcontext=user_u:object_r:mozilla_plugin_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.428:2258): avc:  denied  { open } for  pid=15550 comm="pulseaudio" path="/dev/shm/pulse-shm-3722984048" dev="tmpfs" ino=447258 scontext=user_u:user_r:pulseaudio_t:s0 tcontext=user_u:object_r:mozilla_plugin_tmpfs_t:s0 tclass=file

Patch attached.



Reproducible: Always

Steps to Reproduce:
1. start pulseaudio in per-user mode
2. try to start a few clients (thunderbird, mplayer, etc...)
3. pulseaudio -k to restart the daemon
4. observe the AVC logs
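
The denials quoted in the description can be collapsed into the source-domain / target-type pairs that are actually failing on pulse-shm-* objects, which is the list a policy fix has to cover. The following is an added example, not part of the original report or of the Gentoo policy; the function names and the last sample log line are constructed for illustration.

```python
import re
from collections import defaultdict

# First four lines are the denials from the report; the last line is a
# constructed, unrelated denial to show that other objects are filtered out.
SAMPLE_LOG = '''
type=AVC msg=audit(1363904774.418:2255): avc:  denied  { read } for  pid=9409 comm="plugin-containe" name="pulse-shm-3609188085" dev="tmpfs" ino=326515 scontext=user_u:user_r:mozilla_plugin_t:s0 tcontext=user_u:object_r:thunderbird_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.418:2255): avc:  denied  { open } for  pid=9409 comm="plugin-containe" path="/dev/shm/pulse-shm-3609188085" dev="tmpfs" ino=326515 scontext=user_u:user_r:mozilla_plugin_t:s0 tcontext=user_u:object_r:thunderbird_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.428:2258): avc:  denied  { read } for  pid=15550 comm="pulseaudio" name="pulse-shm-3722984048" dev="tmpfs" ino=447258 scontext=user_u:user_r:pulseaudio_t:s0 tcontext=user_u:object_r:mozilla_plugin_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904774.428:2258): avc:  denied  { open } for  pid=15550 comm="pulseaudio" path="/dev/shm/pulse-shm-3722984048" dev="tmpfs" ino=447258 scontext=user_u:user_r:pulseaudio_t:s0 tcontext=user_u:object_r:mozilla_plugin_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1363904775.000:2260): avc:  denied  { read } for  pid=15550 comm="pulseaudio" name="example.conf" dev="dm-0" ino=1234 scontext=user_u:user_r:pulseaudio_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (perms, fields) for a denied AVC record, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return m.group(1).split(), fields

def setype(context):
    """The third field of user:role:type:level is the SELinux type."""
    return context.split(':')[2]

def pulse_shm_denials(log):
    """Map (source type, target type, class) -> sorted denied permissions,
    restricted to objects named pulse-shm-*."""
    merged = defaultdict(set)
    for line in log.splitlines():
        parsed = parse_avc(line)
        if parsed is None:
            continue
        perms, f = parsed
        obj = f.get('path', f.get('name', '')).rsplit('/', 1)[-1]
        if not obj.startswith('pulse-shm-'):
            continue
        key = (setype(f['scontext']), setype(f['tcontext']), f['tclass'])
        merged[key].update(perms)
    return {k: sorted(v) for k, v in merged.items()}

if __name__ == '__main__':
    for (src, tgt, cls), perms in sorted(pulse_shm_denials(SAMPLE_LOG).items()):
        print(f'{src} -> {tgt}:{cls} {{ {" ".join(perms)} }}')
```
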
Comment 1 vespian 2013-03-24 19:12:43 UTC
Created attachment 343130 [details]
emerge --info output
Comment 2 vespian 2013-03-24 19:13:36 UTC
Created attachment 343132 [details, diff]
pulseaudio_dev_shm.patch
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2013-04-01 09:34:19 UTC
We had the same problem with alsa a while back. I ended up assigning a generic attribute towards all *_tmpfs_t domains if they have pulseaudio enabled. But this isn't perfect. I'll see if the same approach is valid here or not.
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2013-04-11 15:57:46 UTC
Committed in repo:

#v+
    Fix bug 463006 - Support shared file access for pulseaudio
    
    The pulseaudio setup uses shared files in /dev/shm where all pulseaudio-capable
    domains should have the proper access to. The policy already supports marking
    the tmpfs file types as pulseaudio_tmpfsfile's, but this wasn't set everywhere
    (the bug report mentions mplayer, mozilla, mozilla_plugin, thunderbird).
    
    As this is similar to ALSA, I decided to use the same approach as it is, imo,
    quite manageable:
    
    - created a pulseaudio_client_domain() interface that takes two arguments
      (1.) the client domain itself (which will be marked through attribute
           pulseaudio_client)
      (2.) the tmpfs type (which will be marked through attribute
           pulseaudio_tmpfsfile)
    - give pulseaudio_client_domain() on the given types
    
    With that done, support for all pulseaudio-related matters is automatically
    assigned the moment that the pulseaudio module is loaded.
#v-

In repo, will be in rev 13
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2013-05-06 18:23:34 UTC
In main tree, ~arch'ed (20130424-r1 release)
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2013-06-16 17:59:44 UTC
Now stable in repo