On 4/29/05, Jeff Spaleta <jspaleta@xxxxxxxxx> wrote:
> I have a fully synced rawhide box.
> hal-0.5.1-1
> selinux-policy-targeted-1.23.13-4
>
> with selinux set to enforcing mode hal doesn't seem to be operating
> correctly and I am getting
> this avc message at bootup.
>
> kernel: audit(1114815383.993:0): avc: denied { connectto } for
> path=@ /tmp/hald-local/dbus-gcCZNOvxOB
> scontext=system_u:system_r:hald_t tcontext=system_u:system_r:hald_t
> tclass=unix_stream_socket
>
> I have run the fixfiles relabel command but I am still getting the avc
> generated at hal service start up. Anyeone else seeing something
> similar? Once I reboot with selinux in permissive mode, hal operates
> as i expect. My selinux-fu is still poor, so any pointers on how to
> diagnose this more would be appreciated.
>
> -jef
Yeah, reported this to fedora-selinux list.
Adding
allow hald_t self:unix_stream_socket connectto;
to the policy will fix this.
Guessing it will be in the next policy update.
tom
--
Tom London