-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom London wrote:
Running latest rawhide, targeted/enforcing
(selinux-policy-3.2.5-12.fc9).
Notice the following AVC in audit.log
type=AVC msg=audit(1200767626.005:18): avc: denied { read } for
pid=2725 comm="wpa_supplicant" path="inotify" dev=inotifyfs ino=1
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1200767626.005:18): arch=40000003 syscall=11
success=yes exit=0 a0=8619fd8 a1=8619c78 a2=8619008 a3=de799c items=0
ppid=2724 pid=2725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant"
exe="/usr/sbin/wpa_supplicant"
subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=ANOM_ABEND msg=audit(1200767646.778:19): auid=4294967295 uid=42
gid=42 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 pid=2742
comm="dbus-launch" sig=6
#============= NetworkManager_t ==============
allow NetworkManager_t inotifyfs_t:dir read;
Appears to be generated before gdm login; sort of looks like when
NetworkManager is started by init.
Not exactly sure where to BZ..... wpa_supplicant? NetworkManager? inotify?
tom
Yes it should be fixed tonight's rawhide.
Lots of new stuff seems to be using inotify
gdm is getting a facelift/rewrite to be able to do things like setup
networking before login.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkeVELkACgkQrlYvE4MpobOU8wCdGSreL33XaGcP5iHNXwqXueXl
p1wAnRRnxYTf9jNYe+h/lQ2JlAOh0YtX
=gCZb
-----END PGP SIGNATURE-----