Le mardi 21 mars 2006 à 14:28 -0500, Daniel J Walsh a écrit :
> Tanguy Eric wrote:
> > I think it's a selinux problem :
> > i can't use my usb scanner unless i'm root
> > i can't mount cdrom and ext3 usb partition unless i'm root
> >
> > How can i use this in simple user ?
> > Eric
> >
> >
> >
> Are you seeing AVC messages in /var/log/messages? /var/log/audit/audit.log?
>
> You can see if it is SELinux causing the problems by executing
> setenforce 0 as root, and then see if the devices work correctly.
>
> Dan
>
When i plug my usb scanneri found this in dmesg :
usb 3-2: new high speed USB device using ehci_hcd and address 8
usb 3-2: configuration #1 chosen from 1 choice
audit(1143014471.120:170): avc: denied { getattr } for pid=2699
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
as user : scanimage -L
device `v4l:/dev/video1' is a Noname Creative NX virtual device
device `v4l:/dev/video0' is a Noname BT878 video (Pinnacle PCTV Stud
virtual device
sudo scanimage -L
Password:
device `v4l:/dev/video1' is a Noname Creative NX virtual device
device `v4l:/dev/video0' is a Noname BT878 video (Pinnacle PCTV Stud
virtual device
device `snapscan:libusb:003:008' is a EPSON EPSON Scanner flatbed
scanner
if i plug a usb disk containing a usb fat32 partition and a ext3
partition :
i can see in dmesg :
Initializing USB Mass Storage driver...
scsi0 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 9
usb-storage: waiting for device to settle before scanning
usbcore: registered new driver usb-storage
USB Mass Storage support registered.
Vendor: HDS72258 Model: 0VLAT20 Rev: V32O
Type: Direct-Access ANSI SCSI revision: 00
SCSI device sda: 160836480 512-byte hdwr sectors (82348 MB)
sda: Write Protect is off
sda: Mode Sense: 03 00 00 00
sda: assuming drive cache: write through
SCSI device sda: 160836480 512-byte hdwr sectors (82348 MB)
sda: Write Protect is off
sda: Mode Sense: 03 00 00 00
sda: assuming drive cache: write through
sda: sda1 sda2
sd 0:0:0:0: Attached scsi disk sda
usb-storage: device scan complete
sd 0:0:0:0: Attached scsi generic sg0 type 0
audit(1143014745.045:172): avc: denied { getattr } for pid=2826
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
audit(1143014745.117:173): avc: denied { getattr } for pid=2830
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
as user in my desktop only the fat32 partition is mounted
if i plug my usb cd/dvd reader writer with the fc5 dvd in it .
I found in dmesg :
usb 3-1: new high speed USB device using ehci_hcd and address 10
usb 3-1: configuration #1 chosen from 1 choice
scsi1 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 10
usb-storage: waiting for device to settle before scanning
audit(1143014878.670:179): avc: denied { getattr } for pid=2913
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
Vendor: PLEXTOR Model: DVDR PX-708A Rev: 1.09
Type: CD-ROM ANSI SCSI revision: 00
1:0:0:0: Attached scsi generic sg1 type 5
usb-storage: device scan complete
sr0: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
sr 1:0:0:0: Attached scsi CD-ROM sr0
audit(1143014883.606:180): avc: denied { getattr } for pid=2926
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
audit(1143014883.682:181): avc: denied { getattr } for pid=2951
comm="pam_console_app" name="008" dev=tmpfs ino=20684
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file
audit(1143014921.500:182): avc: denied { getattr } for pid=2258
comm="hald" name="/" dev=sda2 ino=2 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1143014921.688:183): avc: denied { getattr } for pid=2967
comm="hal-system-stor" name="/" dev=sda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1143014921.688:184): avc: denied { getattr } for pid=2967
comm="hal-system-stor" name="/" dev=sda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1143014921.692:185): avc: denied { search } for pid=2971
comm="touch" name="/" dev=sda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1143014921.692:186): avc: denied { search } for pid=2971
comm="touch" name="/" dev=sda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1143014921.692:187): avc: denied { getattr } for pid=2967
comm="hal-system-stor" name="/" dev=sda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=dir
and the dvd is not mounted.
Eric
