<br><br><div><span class="gmail_quote">On 8/9/07, <b class="gmail_sendername">cornel panceac</b> <<a href="mailto:cpanceac@gmail.com">cpanceac@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
# sealert -l 7b733fe2-9be2-40f7-bccc-6516e261b46c<br>Summary<br> SELinux is preventing /usr/sbin/hald (hald_t) "read" to reload (var_lib_t).<br><br>Detailed Description<br> SELinux denied access requested by /usr/sbin/hald. It is not expected that
<br> this access is required by /usr/sbin/hald and this access may signal an<br> intrusion attempt. It is also possible that the specific version or<br> configuration of the application is causing it to require additional access.
<br><br>Allowing Access<br> Sometimes labeling problems can cause SELinux denials. You could try to<br> restore the default system file context for reload, restorecon -v reload If<br> this does not work, there is currently no automatic way to allow this
<br> access. Instead, you can generate a local policy module to allow this<br> access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
</a> Or you<br> can disable SELinux protection altogether. Disabling SELinux protection is<br> not recommended. Please file a<br> <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
</a> against this package.<br><br>Additional Information<br><br>Source Context system_u:system_r:hald_t<br>Target Context system_u:object_r:var_lib_t<br>Target Objects reload [ file ]
<br>Affected RPM Packages hal-0.5.10-0.git20070731.fc8 [application]<br>Policy RPM selinux-policy-3.0.5-2.fc8<br>Selinux Enabled True<br>Policy Type targeted<br>
MLS Enabled True
<br>Enforcing Mode Enforcing<br>Plugin Name plugins.catchall_file<br>Host Name <a href="http://home-1367252.galati.astral.ro" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
home-1367252.galati.astral.ro</a><br>Platform Linux
<a href="http://home-1367252.galati.astral.ro" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">home-1367252.galati.astral.ro</a><br> 2.6.23-0.74.rc2.git1.fc8 #1 SMP Tue Aug 7 19:21:07
<br> EDT 2007 i686 athlon<br>
Alert Count 5<br>First Seen Wed Aug 8 15:42:26 2007<br>Last Seen Thu Aug 9 07:28:11 2007<br>Local ID 7b733fe2-9be2-40f7-bccc-6516e261b46c<br>
Line Numbers<br><br>Raw Audit Messages<br><br>avc: denied { read } for comm="hald" dev=sda1 egid=0 euid=0 exe="/usr/sbin/hald"<br>exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="reload" pid=3080
<br>scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0<br>suid=0 tclass=file tcontext=system_u:object_r:var_lib_t:s0 tty=(none) uid=0<br><br><br><br>since it's a freshly installed system, i'm not tempted to relabel. any other fix?
<br><br><div><span class="gmail_quote">2007/8/8, Justin Conover <<a href="mailto:justin.conover@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">justin.conover@gmail.com</a>>:</span>
<span class="q"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br><div><div><span><span class="gmail_quote">On 8/8/07, <b class="gmail_sendername">dragoran</b> <<a href="mailto:drago01@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
drago01@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Justin Conover wrote:<br>> HAL will not start, is there any thing I can look at for logs or why.<br>> The system is updated to current rawhide.<br>><br>> [root@comatose ~]# dmesg -c < /dev/null<br>> [root@comatose
~]# dmesg<br>> [root@comatose ~]# /etc/init.d/haldaemon start<br>> Starting HAL daemon: [FAILED]<br>> [root@comatose ~]# dmesg<br>> [root@comatose ~]#<br>><br>> [root@comatose
log]# /usr/sbin/hald<br>> [root@comatose log]# /etc/init.d/haldaemon status<br>> hald (pid 3027) is running...<br>><br>maybe a selinux issue?<br>any avc messages?<br><br>--<br>fedora-test-list mailing list<br><a href="mailto:fedora-test-list@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
fedora-test-list@redhat.com</a><br>To unsubscribe:<br><a href="https://www.redhat.com/mailman/listinfo/fedora-test-list" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">https://www.redhat.com/mailman/listinfo/fedora-test-list
</a></blockquote></span></div><div><br><br>Relabeling does allow hald to start during the boot process, however now. nm-applet seg faults...
<br></div><br></div><br>
<br>--<br>fedora-test-list mailing list<br><a href="mailto:fedora-test-list@redhat.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">fedora-test-list@redhat.com</a><br>To unsubscribe:<br><a href="https://www.redhat.com/mailman/listinfo/fedora-test-list" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
https://www.redhat.com/mailman/listinfo/fedora-test-list</a><br></blockquote></span></div><br>
<br>--<br>fedora-test-list mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:fedora-test-list@redhat.com">fedora-test-list@redhat.com</a><br>To unsubscribe:<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="https://www.redhat.com/mailman/listinfo/fedora-test-list" target="_blank">
https://www.redhat.com/mailman/listinfo/fedora-test-list</a><br></blockquote></div><br>If I remember correctly, that is the same error I was getting, a relabel shouldn't take to long.<br><br># touch /.autorelabel<br>