From mboxrd@z Thu Jan  1 00:00:00 1970
From: dwalsh@redhat.com (Daniel J Walsh)
Date: Fri, 21 Sep 2012 10:49:27 -0400
Subject: [refpolicy] security_compute_sid: invalid context
	unconfined_u:system_r:pulseaudio_t
In-Reply-To: <20120920151528.38577cbf@eldamar.bigon.be>
References: <20120918130707.314374af@eldamar.bigon.be>
	<20120919123003.0764b1e7@eldamar.bigon.be>
	<505B144F.3020203@tresys.com>
	<20120920151528.38577cbf@eldamar.bigon.be>
Message-ID: <505C7E77.5040700@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/20/2012 09:15 AM, Laurent Bigonville wrote:
> Le Thu, 20 Sep 2012 09:04:15 -0400, "Christopher J. PeBenito"
> <cpebenito@tresys.com> a ?crit :
> 
>> On 09/19/12 06:30, Laurent Bigonville wrote:
>>> Le Tue, 18 Sep 2012 13:07:07 +0200, Laurent Bigonville
>>> <bigon@debian.org> a ?crit :
>>> 
>>> unconfined_u:system_r:pulseaudio_t:s0-s0:c0.c1023 bigon 3820 0.0 0.1
>>> 304728 6716 ? S<l 00:13   0:01 /usr/bin/pulseaudio --start 
>>> --log-target=syslog
>>> 
>>> Do we also want to have pulseaudio transition to his own context when
>>> started in the user session?
>> 
>> I'm no expert in pulseaudio, but I suppose it could make sense.  The 
>> transitions to pulseaudio_t are from initrc_t, mozilla_t, and 
>> system_dbusd_t right now.
>> 
> 
> I meant this is already happening now, with the current version of the 
> policy. unconfined_t is also transitioning to pulseaudio_t.
> 
> And the role is also transitioning from unconfined_r to system_r which lead
> to my other question about adding the system_r role to the unconfined user
> (which is the case in fedora policy).
> 
> Cheers
> 
> Laurent Bigonville _______________________________________________ 
> refpolicy mailing list refpolicy at oss.tresys.com 
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


unconfined_t is transitioning to a domain running as system_r which later
transitions to pulseaudio_t

On F18, I find.

 setrans unconfined_t pulseaudio_t
unconfined_t --> xserver_t --> insmod_t --> initrc_t --> pulseaudio_t
unconfined_t --> initrc_t --> pulseaudio_t



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBcfncACgkQrlYvE4MpobPeyQCfep/POeM6c8OFARDli91VUmwH
EGYAn1gDAUdSVPeUC9nKtOfYh2D72w6j
=fNHo
-----END PGP SIGNATURE-----