FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-02-2008, 07:14 AM
"Andrew Farris"
 
Default preventing console-kit-dae (consolekit_t) "read" to (polkit_var_lib_t) on restart

This occurs on Rawhide when trying to 'Restart' from Gnome System
menu. My user does have policykit authorization to restart the system
(others logged in or not) and to shutdown the system, but neither
work. At the moment I have to logout, then switch to VT1 and reboot.
GDM cannot restart either.

SELinux is preventing console-kit-dae (consolekit_t) "read" to
./org.freedesktop.hal.device-access.sound.override (polkit_var_lib_t).

Source Context system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context unconfined_ubject_rolkit_var_lib_t:s0
Target Objects ./org.freedesktop.hal.device-access.sound.override
[ file ]
Source console-kit-dae
Source Path /usr/sbin/console-kit-daemon
Port <Unknown>
Host cirithungol
Source RPM Packages ConsoleKit-0.2.10-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-26.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name cirithungol
Platform Linux cirithungol 2.6.25-0.172.rc7.git4.fc9.i686
#1 SMP Fri Mar 28 21:46:59 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 02 Apr 2008 12:00:41 AM PDT
Last Seen Wed 02 Apr 2008 12:00:41 AM PDT
Local ID bade6013-09c9-4ca8-afba-3632172a3fc9
Line Numbers

Raw Audit Messages

host=cirithungol type=AVC msg=audit(1207119641.661:3387): avc: denied
{ read } for pid=2192 comm="console-kit-dae"
name="org.freedesktop.hal.device-access.sound.override" dev=dm-0
ino=727047 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_ubject_rolkit_var_lib_t:s0 tclass=file

host=cirithungol type=SYSCALL msg=audit(1207119641.661:3387):
arch=40000003 syscall=5 success=no exit=-13 a0=98d1918 a1=8000 a2=0
a3=8000 items=0 ppid=1 pid=2192 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

--
Andrew Farris <lordmorgul@gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
revoked key 0xC99B1DF3 no longer used
No one now has, and no one will ever again get, the big picture. - Daniel Geer

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 09:45 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org