Again,
if i have selinux enabled, the g-p-m icon disappears and i find the
following in my audit.log:
type=AVC msg=audit(1137522144.013:60): avc: denied { execute } for
pid=2641 comm="hald" name="hal-system-power-set-power-save" dev=dm-0
ino=1763088 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file
type=PATH msg=audit(1137522144.013:60): item=0
name="/usr/share/hal/scripts/hal-system-power-set-power-save" flags=101
inode=1763088 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
so, in this, audit2allow says:
[root@niobe audit]# audit2allow -i audit.log | grep hal
allow hald_t boot_t:dir getattr;
allow hald_t home_root_t:dir search;
allow hald_t initctl_t:fifo_file write;
allow hald_t initrc_var_run_t:file lock;
allow hald_t mnt_t:dir create;
allow hald_t mnt_t:file write;
allow hald_t sysctl_fs_t:dir search;
allow hald_t usr_t:file execute;
allow hald_t var_lib_nfs_t:dir search;
(ok, nfs really doesn't belong to the g-p-m :-D )
HTH, Thanks
Roger
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list