I just added an allow for sysadm_t to read these devices.
fabab187768bbb7295b4dee5543bcd41e1d4563a in git.
I think it should be allowed.
On 05/13/2014 01:07 AM, William wrote:
> time->Tue May 13 14:34:12 2014
> type=SYSCALL msg=audit(1399957452.980:475): arch=c000003e syscall=2
> success=yes exit=4 a0=7fffe9c70350 a1=0 a2=7fffe9c7035e a3=0 items=0
> ppid=4025 pid=4148 auid=1343600009 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="powertop"
> exe="/usr/sbin/powertop" subj=staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1399957452.980:475): avc: denied { open } for
> pid=4148 comm="powertop" path="/dev/cpu/0/msr" dev="devtmpfs" ino=1107
> scontext=staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:cpu_device_t:s0 tclass=chr_file
> ----
> time->Tue May 13 14:34:16 2014
> type=SYSCALL msg=audit(1399957456.246:476): arch=c000003e syscall=2
> success=yes exit=131 a0=7fffe9c71340 a1=0 a2=7fffe9c7134e a3=0 items=0
> ppid=4025 pid=4148 auid=1343600009 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="powertop"
> exe="/usr/sbin/powertop" subj=staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1399957456.246:476): avc: denied { open } for
> pid=4148 comm="powertop" path="/dev/cpu/0/msr" dev="devtmpfs" ino=1107
> scontext=staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:cpu_device_t:s0 tclass=chr_file
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
