gnome-power-manager disappears if selinux enabled
John (J5) Palmieri
johnp at redhat.com
Wed Jan 18 14:16:00 UTC 2006
Do you have the latest SE-Linux updates. I though we fixed
the /usr/share/scripts issue. If it is the latest update please file a
bug on selinux-policy-targeted in bugzilla with the exact same
description you gave below.
On Wed, 2006-01-18 at 10:11 +0100, Roger Grosswiler wrote:
> Again,
>
> if i have selinux enabled, the g-p-m icon disappears and i find the
> following in my audit.log:
>
> type=AVC msg=audit(1137522144.013:60): avc: denied { execute } for
> pid=2641 comm="hald" name="hal-system-power-set-power-save" dev=dm-0
> ino=1763088 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=file
> type=PATH msg=audit(1137522144.013:60): item=0
> name="/usr/share/hal/scripts/hal-system-power-set-power-save" flags=101
> inode=1763088 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
>
> so, in this, audit2allow says:
> [root at niobe audit]# audit2allow -i audit.log | grep hal
> allow hald_t boot_t:dir getattr;
> allow hald_t home_root_t:dir search;
> allow hald_t initctl_t:fifo_file write;
> allow hald_t initrc_var_run_t:file lock;
> allow hald_t mnt_t:dir create;
> allow hald_t mnt_t:file write;
> allow hald_t sysctl_fs_t:dir search;
> allow hald_t usr_t:file execute;
> allow hald_t var_lib_nfs_t:dir search;
>
> (ok, nfs really doesn't belong to the g-p-m :-D )
>
>
> HTH, Thanks
> Roger
--
John (J5) Palmieri <johnp at redhat.com>
More information about the test
mailing list