Recent versions of NetworkManager use dbus signals to control actions
related to suspend/resume (among others).
In enforcing mode, using selinux-policy-targeted-1.27.1-2.7.
The suspend script runs without error when executed from the command line,
but produces these errors when invoked by pressing the suspend key.

On suspend, /var/log/debug reports:

    Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

On resume, /var/log/debug reports:

    Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

No messages appear in /var/log/audit/audit.log.

The relevant section of the suspend script is:

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
        --type=method_call /org/freedesktop/NetworkManager \
        org.freedesktop.NetworkManager.sleep
    sync
    echo -n "mem" > /sys/power/state
    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
        --type=method_call /org/freedesktop/NetworkManager \
        org.freedesktop.NetworkManager.wake

Thanks.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
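
Added example, not part of the original post: a Python parser that reads dbus USER_AVC denials like the two quoted above from syslog-style text (they never reached audit.log) and derives the candidate allow rule they correspond to, so it can be reviewed before any policy change. The function names are hypothetical, and the sample input is the post's two log entries re-joined onto single lines plus one constructed unrelated line.

```python
import re

# The post's two denials, rebuilt as single lines (the mail client wrapped them).
_TEMPLATE = ("Oct 22 {time} vincent52 dbus: Can't send to audit system: USER_AVC "
             "pid=2180 uid=81 loginuid=-1 message=avc: denied {{ send_msg }} for "
             "msgtype=method_call interface=org.freedesktop.NetworkManager "
             "member={member} dest=org.freedesktop.NetworkManager spid={spid} "
             "tpid=2239 scontext=system_u:system_r:apmd_t "
             "tcontext=system_u:system_r:NetworkManager_t tclass=dbus")
SAMPLE_LOG = "\n".join([
    _TEMPLATE.format(time="12:59:14", member="sleep", spid=31524),
    _TEMPLATE.format(time="12:59:39", member="wake", spid=31542),
    "Oct 22 12:59:40 vincent52 kernel: unrelated line (constructed)",
])

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_user_avc(line):
    """Return (source_type, target_type, class, perms, member) or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # An SELinux context is user:role:type[:mls]; the rule needs the type.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        cls = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record: skip rather than guess
    return src, tgt, cls, m.group(1).split(), fields.get("member")

def candidate_rules(log_text):
    """Group denials by (source, target, class); list the D-Bus members seen."""
    grouped = {}
    for line in log_text.splitlines():
        parsed = parse_user_avc(line)
        if parsed is None:
            continue
        src, tgt, cls, perms, member = parsed
        entry = grouped.setdefault((src, tgt, cls), (set(), set()))
        entry[0].update(perms)
        if member:
            entry[1].add(member)
    rules = []
    for (src, tgt, cls), (perms, members) in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append((f"allow {src} {tgt}:{cls} {perm_text};", sorted(members)))
    return rules
```

Both denials collapse into one rule between apmd_t and NetworkManager_t; the member list shows which method calls (sleep, wake) that rule would cover.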