Running latest Rawhide, targeted/enforcing.
I accidentally did a suspend/resume on my Thinkpad.
I got the following AVCs. Sorry, can't tell from this if this
happened during suspend or resume.
I'm guessing the first AVC (from alsactl) is from
/usr/lib/pm-utils/sleep.d/65alsa. There is this code there:
#!/bin/bash
. /usr/lib/pm-utils/functions
case "$1" in
hibernate|suspend)
alsactl store 0 >/dev/null 2>&1
;;
thaw|resume)
alsactl restore 0 >/dev/null 2>&1
;;
*)
;;
esac
Could there be a leaded file descriptor?
/var/log/pm-suspend.log contains:
===== Tue Oct 2 10:45:35 PDT 2007: running hook:
/usr/lib/pm-utils/sleep.d/60sysfont =====
/usr/lib/pm-utils/sleep.d/60sysfont: line 7: /dev/tty0: Permission denied
60sysfont has:
case "$1" in
resume|thaw)
setsysfont </dev/tty0 ;;
esac
Not sure its related.....
Are these known? Worth redoing in permissive mode?
tom
type=AVC msg=audit(1191347118.765:32): avc: denied { search } for
pid=6632 comm="alsactl" name="root" dev=dm-0 ino=9043969
scontext=system_u:system_r:alsa_t:s0
tcontext=root:object_r:sysadm_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1191347118.765:32): arch=40000003 syscall=33
success=no exit=-13 a0=8588508 a1=4 a2=743678 a3=858091c items=0
ppid=6630 pid=6632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="alsactl" exe="/sbin/alsactl"
subj=system_u:system_r:alsa_t:s0 key=(null)
type=USYS_CONFIG msg=audit(1191347120.527:33): user pid=6688 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing
system time: exe="/sbin/hwclock" (hostname=?, addr=?, terminal=?
res=success)'
type=AVC msg=audit(1191347120.695:34): avc: denied { setsched } for
pid=6547 comm="pm-suspend" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=process
type=AVC msg=audit(1191347120.695:34): avc: denied { setsched } for
pid=6547 comm="pm-suspend" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=process
type=SYSCALL msg=audit(1191347120.695:34): arch=40000003 syscall=4
success=yes exit=3 a0=1 a1=b7fd5000 a2=3 a3=3 items=0 ppid=6544
pid=6547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="pm-suspend" exe="/bin/bash"
subj=system_u:system_r:hald_t:s0 key=(null)
type=USYS_CONFIG msg=audit(1191347135.250:35): user pid=6809 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing
system time: exe="/sbin/hwclock" (hostname=?, addr=?, terminal=?
res=success)'
type=AVC msg=audit(1191347135.013:36): avc: denied { search } for
pid=6816 comm="alsactl" name="root" dev=dm-0 ino=9043969
scontext=system_u:system_r:alsa_t:s0
tcontext=root:object_r:sysadm_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1191347135.013:36): arch=40000003 syscall=33
success=no exit=-13 a0=956a508 a1=4 a2=743678 a3=956291c items=0
ppid=6814 pid=6816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="alsactl" exe="/sbin/alsactl"
subj=system_u:system_r:alsa_t:s0 key=(null)
type=USER_ACCT msg=audit(1191348061.178:37): user pid=7003 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:accounting acct=root exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
