Some things that used to work in FC3 but don't in FC4: ACPI

Stephen Smalley sds at tycho.nsa.gov
Wed Jun 29 13:53:05 UTC 2005


On Wed, 2005-06-29 at 09:43 -0400, Matthew Saltzman wrote:
> On Tue, 28 Jun 2005, Matthew Saltzman wrote:
> 
> > The ACPI scripts for my Thinkpad don't work as they used to.  For example, 
> > the script I use to turn off the backlight touches or removes a file to 
> > indicate whether the backlight is on or off.  In FC4, the script is 
> > apparently not allowed to touch the file in either /etc/acpi/actions (where 
> > it used to) or even in /var/tmp (where I changed it to).
> >
> > Also, radeontool appears to fail to detect the Radeon in lspci when run from 
> > the script, but it works fine when run from the command line as root.
> > The error is different from the one that usually occurs when running 
> > radeontool as non-root, which is "can't open /dev/mem Are you root?"
> > This error is "Radeon hardware not found in lspci output."
> >
> > This issue also affects my suspend script, which is not permitted to write to 
> > /proc/acpi/sleep.
> >
> > Any ideas what's going on here?
> 
> To follow myself up:
> 
> As I kind of suspected, this is an SELinux issue--turn off enforcing mode 
> and everything works as expected.  So how can I give these scripts access 
> to the files they need to touch/write to?

Collect the relevant audit messages from /var/log/audit/audit.log (if
running auditd) or /var/log/messages (if not) and report them to
fedora-selinux-list.  In audit.log, they should have the type=AVC
prefix, although it would also help to have the adjacent audit messages
as well that sometimes include supplementary information (like AVC_PATH,
PATH, SYSCALL, etc).

-- 
Stephen Smalley
National Security Agency
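
The collection step described in the reply above, as an added example that is not part of the original message: it groups audit.log records by their shared event id and keeps each event that contains a type=AVC record together with its adjacent SYSCALL/PATH records. The sample log lines, the type name example_t and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample in audit.log record format; not taken from the thread.
# "example_t" is a placeholder type and the inode/pid values are made up.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1120053000.101:41): syscall=5 success=yes pid=2100 comm="cat"
type=AVC msg=audit(1120053185.250:42): avc:  denied  { write } for  pid=2345 comm="touch" name="tmp" dev=hda2 ino=4711 scontext=system_u:system_r:example_t tcontext=system_u:object_r:tmp_t tclass=dir
type=SYSCALL msg=audit(1120053185.250:42): syscall=5 success=no exit=-13 pid=2345 comm="touch"
type=PATH msg=audit(1120053185.250:42): name="/var/tmp/backlight_off"
type=AVC msg=audit(1120053190.007:43): avc:  denied  { write } for  pid=2350 comm="sh" name="sleep" dev=proc ino=4026 scontext=system_u:system_r:example_t tcontext=system_u:object_r:proc_t tclass=file
"""

# Every record of one event carries the same "timestamp:serial" id.
RECORD = re.compile(r"^type=(\S+) msg=audit\((\d+\.\d+:\d+)\):")

def group_events(text):
    """Map event id -> list of (record type, raw line), in log order."""
    events = {}
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            events.setdefault(m.group(2), []).append((m.group(1), line))
    return events

def avc_events(text):
    """Keep only events that contain an AVC record, with their sibling records."""
    return {eid: recs for eid, recs in group_events(text).items()
            if any(rtype == "AVC" for rtype, _ in recs)}

def summarize(avc_line):
    """Extract the permission set and key=value fields from one AVC record."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', avc_line))
    perms = re.search(r"\{([^}]*)\}", avc_line).group(1).split()
    return {"perms": perms, "comm": fields["comm"].strip('"'),
            "scontext": fields["scontext"], "tcontext": fields["tcontext"],
            "tclass": fields["tclass"]}

if __name__ == "__main__":
    # Pass the path to audit.log as the first argument; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for eid, recs in avc_events(text).items():
        print("--- event %s ---" % eid)
        for rtype, line in recs:
            print(line)
            if rtype == "AVC":
                print("    ->", summarize(line))
```

The pattern is anchored to the audit.log line layout; denials logged to /var/log/messages carry a syslog prefix and would need the anchor relaxed.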



