rick wrote:
I have a shiny new F11 install and am getting the following in the
syslog:
Jun 18 15:41:16 calvin setroubleshoot: SELinux prevented gpsd from
using the terminal 0. For complete SELinux messages. run sealert -l
d33b557f-d1a4-4bde-add4-93b93ce91cc6
Fedora seems to be gpsd-challenged but the alert suggests trying
restorecon which does not seem to do anything...
Summary:
SELinux is preventing gpsd (gpsd_t) "write" to run (var_run_t).
and fyi:
# ls -Z gpsd
-rwxr-xr-x. root root system_u:object_r:gpsd_exec_t:s0 gpsd
...so does this warrant a bug report on the policy or is it possible
to change the context of the daemon's file so that it will work?
fyi, the audit msg is below and the gpsd init script looks for the
file in the wrong place, so perhaps the policy expects it to be in
/usr/bin instead of usr/sbin also...
Ok, how you mentioned above, the gpsd has the init script now, but we
don't have a policy for that. Then this is a bug in the policy.
Regards,
Miroslav
any help appreciated,
rick
------------
Raw Audit Messages
node=calvin.rikm.net type=AVC msg=audit(1245353432.700:34699): avc:
denied { write } for pid=12148 comm="gpsd" name="run" dev=sda7
ino=1654 scontext=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
node=calvin.rikm.net type=SYSCALL msg=audit(1245353432.700:34699):
arch=c000003e syscall=49 success=no exit=-13 a0=3 a1=7fffd13b8d40
a2=6e a3=3db7168fcc items=0 ppid=12147 pid=12148 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
comm="gpsd" exe="/usr/sbin/gpsd"
subj=unconfined_u:unconfined_r:gpsd_t:s0-s0:c0.c1023 key=(null)
-------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
