Can nobody here help with this (and if not, where could I go for
assistance)? selinux-policy-targeted-1.27.1-2.1 does not solve the
problem.
Thanks.
On Wed, 21 Sep 2005, Matthew Saltzman wrote:
On Thu, 15 Sep 2005, Matthew Saltzman wrote:
I have ACPI scripts that are supposed to run when Fn-Fx is pressed (for
various values of x). The scripts run fine when invoked from a shell, but
they fail when invoked by keypress. For example,
/etc/acpi/actions/Fn-F3.sh contains:
#!/bin/sh
if [ -f /var/tmp/acpi-lightoff ]; then
/usr/sbin/radeontool light on
/bin/rm /var/tmp/acpi-lightoff
else
/usr/sbin/radeontool light off
/bin/touch /var/tmp/acpi-lightoff
fi
When invoked by keypress, I get the following audit messages, and no action
is taken (light stays on, no file touched). Should I be doing something
different or is there something in selinux-policy-targeted that needs to be
fixed?
I've changed the script so that it reads its status directly rather than
checking for the file:
if [ "$(/usr/sbin/radeontool light)" = "The radeon backlight looks on"
]; then
/usr/sbin/radeontool light off
else
/usr/sbin/radeontool light on
fi
It still works fine if invoked from the command line and doesn't work if
invoked by acpid, unless setenforce 0 is set. How can I fix this, and can it
be fixed in selinux-policy-targeted? Thanks.
/var/log/acpi reports:
[Wed Sep 21 04:37:22 2005] received event "ibm/hotkey HKEY 00000080 00001003"
[Wed Sep 21 04:37:22 2005] notifying client 3203[500:500]
[Wed Sep 21 04:37:22 2005] executing action "/etc/acpi/actions/Fn-F3.sh"
[Wed Sep 21 04:37:22 2005] BEGIN HANDLER MESSAGES
Radeon hardware not found in lspci output.
Radeon hardware not found in lspci output.
[Wed Sep 21 04:37:23 2005] END HANDLER MESSAGES
[Wed Sep 21 04:37:23 2005] action exited with status 255
[Wed Sep 21 04:37:23 2005] completed event "ibm/hotkey HKEY 00000080
00001003"
/var/log/audit/audit.log reports:
type=AVC msg=audit(1127291842.986:3152715): avc: denied { read } for
pid=7984 comm="lspci" name="pci.ids" dev=dm-0 ino=809685
scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t
tclass=file
type=SYSCALL msg=audit(1127291842.986:3152715): arch=40000003 syscall=5
success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7984
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="lspci" exe="/sbin/lspci"
type=CWD msg=audit(1127291842.986:3152715): cwd="/"
type=PATH msg=audit(1127291842.986:3152715): item=0
name="/usr/share/hwdata/pci.ids" flags=101 inode=809685 dev=fd:00
mode=0100644 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127291842.997:3153231): avc: denied { read } for
pid=7986 comm="lspci" name="pci.ids" dev=dm-0 ino=809685
scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t
tclass=file
type=SYSCALL msg=audit(1127291842.997:3153231): arch=40000003 syscall=5
success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7986
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="lspci" exe="/sbin/lspci"
type=CWD msg=audit(1127291842.997:3153231): cwd="/"
type=PATH msg=audit(1127291842.997:3153231): item=0
name="/usr/share/hwdata/pci.ids" flags=101 inode=809685 dev=fd:00
mode=0100644 ouid=0 ogid=0 rdev=00:00
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
