Bug 248248 (acpidsocketSELinux)
Summary: | SELinux is preventing /usr/libexec/hald-addon-acpi (hald_t) "write" to acpid.socket (var_run_t). | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Thomas <tk> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED WORKSFORME | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 7 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-07-14 16:06:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Thomas
2007-07-14 05:50:46 UTC
The problem here is that acpid.socket is labeled incorrectly It should be labeled like the following: ls -lZ /var/run/acpid.socket srw-rw-rw- root root system_u:object_r:apmd_var_run_t /var/run/acpid.socket This would indicate that acpid is running under the wrong context ps -eZ | grep acpid system_u:system_r:kernel_t 50 ? 00:00:00 kacpid system_u:system_r:apmd_t 21500 ? 00:00:00 acpid Did you do something to start these apps outside of the init scripts? No, I did not, except for th regular uppdate with the Fedora update manager. I fixed the issue by the rebooting and relabelling routine of SELinux. Frankly, I have not idea if that is now secure or not, but the issue went away. |