hald wants more ....

"Tom London" <selinux@xxxxxxxxx> · Fri, 3 Aug 2007 09:36:09 -0700

Today's rawhide.  Problems with hal starting.

In enforcing mode get this:
type=AVC msg=audit(1186156132.596:13): avc:  denied  { read } for
pid=2994 comm="hald" name="reload" dev=dm-0 ino=67152
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1186156132.596:13): arch=40000003 syscall=292
success=no exit=-13 a0=d a1=5379f4 a2=106 a3=8c50d88 items=0 ppid=2993
pid=2994 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald"
subj=system_u:system_r:hald_t:s0 key=(null)

Believe the reference is to /var/lib/PolicyKit/reload.  Bad things
seem to happen with this reject.

Rebooting in permissive mode:

type=AVC msg=audit(1186158594.486:18): avc:  denied  { read } for
pid=2920 comm="hald" name="reload" dev=dm-0 ino=67152
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1186158594.486:18): arch=40000003 syscall=292
success=yes exit=1 a0=d a1=5379f4 a2=106 a3=9ae4d88 items=0 ppid=2919
pid=2920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald"
subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1186158599.790:19): avc:  denied  { signal } for
pid=2934 comm="hal-acl-tool" scontext=system_u:system_r:hald_acl_t:s0
tcontext=system_u:system_r:hald_acl_t:s0 tclass=process
type=SYSCALL msg=audit(1186158599.790:19): arch=40000003 syscall=270
success=yes exit=0 a0=b76 a1=b76 a2=6 a3=bf81ad5c items=0 ppid=2921
pid=2934 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hal-acl-tool"
exe="/usr/libexec/hal-acl-tool" subj=system_u:system_r:hald_acl_t:s0
key=(null)
type=ANOM_ABEND msg=audit(1186158599.791:20): auid=4294967295 uid=0
gid=0 subj=system_u:system_r:hald_acl_t:s0 pid=2934
comm="hal-acl-tool" sig=6

System is happier (NetworkManager seems to work, etc.)

tom
-- 
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list