Recent versions of NetworkManager use dbus signals to control actions related to suspend/resume (among others).
In enforcing mode, using selinux-policy-targeted-1.27.1-2.7.
The suspend script runs without error when executed from the command line, but produces these errors when invoked by pressing the suspend key.
On suspend, /var/log/debug reports:
Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus
On resume, /var/log/debug reports:
Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus
No messages appear in /var/log/audit/audit.log.
The relevant section of the suspend script is:
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.sleep
sync echo -n "mem" > /sys/power/state
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.wake
Thanks. -- Matthew Saltzman
Clemson University Math Sciences mjs AT clemson DOT edu http://www.math.clemson.edu/~mjs
selinux@lists.fedoraproject.org
-
Matthew Saltzman