From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 20 Sep 2012 09:04:15 -0400
Subject: [refpolicy] security_compute_sid: invalid context
	unconfined_u:system_r:pulseaudio_t
In-Reply-To: <20120919123003.0764b1e7@eldamar.bigon.be>
References: <20120918130707.314374af@eldamar.bigon.be>
	<20120919123003.0764b1e7@eldamar.bigon.be>
Message-ID: <505B144F.3020203@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/19/12 06:30, Laurent Bigonville wrote:
> Le Tue, 18 Sep 2012 13:07:07 +0200,
> Laurent Bigonville <bigon@debian.org> a ?crit :
> 
>> Hi,
>>
>> With the git HEAD of the refpolicy compiled with TYPE = standard and
>> both  UBAC = y and UBAC = n, I'm getting the following error:
>>
>> type=SELINUX_ERR msg=audit(1347477364.713:4557): security_compute_sid:
>> invalid context unconfined_u:system_r:pulseaudio_t for
>> scontext=unconfined_u:system_r:pulseaudio_t
>> tcontext=unconfined_u:system_r:pulseaudio_t tclass=unix_stream_socket
> 
> OK so this has been fixed by adding the system_r role to the
> unconfined_u user. It seems that Fedora is already doing this, any
> reason it's not in the refpolicy?
> 
> Also, pulse audio is now running:
> 
> unconfined_u:system_r:pulseaudio_t:s0-s0:c0.c1023 bigon 3820 0.0  0.1 304728 6716 ? S<l 00:13   0:01 /usr/bin/pulseaudio --start --log-target=syslog
> 
> Do we also want to have pulseaudio transition to his own context when
> started in the user session?

I'm no expert in pulseaudio, but I suppose it could make sense.  The transitions to pulseaudio_t are from initrc_t, mozilla_t, and system_dbusd_t right now.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com