Bug 298081
| Summary: | selinux problem | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alexey Kuznetsov <axet> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-01-30 19:06:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
If it's a SELinux problem you need to file it against a SELinux component... Summary
SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
(hald_mac_t) "read" to pci (proc_t).
Detailed Description
SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
backlight. It is not expected that this access is required by /usr/libexec
/hald-addon-macbookpro-backlight and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for pci, restorecon -v pci If this
does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:hald_mac_t
Target Context system_u:object_r:proc_t
Target Objects pci [ dir ]
Affected RPM Packages hal-0.5.9-8.fc7 [application]
Policy RPM selinux-policy-2.6.4-42.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name axet-laptop
Platform Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
30 13:47:21 EDT 2007 i686 i686
Alert Count 32
First Seen Tue 04 Sep 2007 02:10:10 PM BRT
Last Seen Thu 20 Sep 2007 03:31:25 PM BRT
Local ID f251d6c3-284b-4cc8-9ea3-eec3053a7039
Line Numbers
Raw Audit Messages
avc: denied { read } for comm="hald-addon-macb" dev=proc egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="pci" pid=2590 scontext=system_u:system_r:hald_mac_t:s0
sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:proc_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.6.4-43.fc7.src.rpm two more messages for selinux-policy-2.6.4-42.fc7.src.rpm
Summary
SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
(hald_mac_t) "read" to mem (memory_device_t).
Detailed Description
SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
backlight. It is not expected that this access is required by /usr/libexec
/hald-addon-macbookpro-backlight and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for mem, restorecon -v mem If this
does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:hald_mac_t
Target Context system_u:object_r:memory_device_t
Target Objects mem [ chr_file ]
Affected RPM Packages hal-0.5.9-8.fc7 [application]
Policy RPM selinux-policy-2.6.4-42.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name axet-laptop
Platform Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
30 13:47:21 EDT 2007 i686 i686
Alert Count 2
First Seen Thu 20 Sep 2007 05:50:53 PM BRT
Last Seen Fri 21 Sep 2007 10:25:50 AM BRT
Local ID 70a791c7-8f57-4fd2-b5d7-52277d9ef2ae
Line Numbers
Raw Audit Messages
avc: denied { read } for comm="hald-addon-macb" dev=tmpfs egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="mem" pid=2597 scontext=system_u:system_r:hald_mac_t:s0
sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:memory_device_t:s0 tty=(none) uid=0
Summary
SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
(hald_mac_t) "search" to / (sysfs_t).
Detailed Description
SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
backlight. It is not expected that this access is required by /usr/libexec
/hald-addon-macbookpro-backlight and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /, restorecon -v / If this does
not work, there is currently no automatic way to allow this access. Instead,
you can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:hald_mac_t
Target Context system_u:object_r:sysfs_t
Target Objects / [ dir ]
Affected RPM Packages hal-0.5.9-8.fc7
[application]filesystem-2.4.6-1.fc7 [target]
Policy RPM selinux-policy-2.6.4-42.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name axet-laptop
Platform Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
30 13:47:21 EDT 2007 i686 i686
Alert Count 2
First Seen Thu 20 Sep 2007 05:50:53 PM BRT
Last Seen Fri 21 Sep 2007 10:25:50 AM BRT
Local ID 464cd133-420f-4956-9ce9-d26392a403a2
Line Numbers
Raw Audit Messages
avc: denied { search } for comm="hald-addon-macb" dev=sysfs egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="/" pid=2597 scontext=system_u:system_r:hald_mac_t:s0 sgid=0
subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:sysfs_t:s0 tty=(none) uid=0
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen. |
Summary SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight (hald_mac_t) "read" to pci (proc_t). Detailed Description SELinux denied access requested by /usr/libexec/hald-addon-macbookpro- backlight. It is not expected that this access is required by /usr/libexec /hald-addon-macbookpro-backlight and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for pci, restorecon -v pci If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:hald_mac_t Target Context system_u:object_r:proc_t Target Objects pci [ dir ] Affected RPM Packages hal-0.5.9-8.fc7 [application] Policy RPM selinux-policy-2.6.4-42.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name axet-laptop Platform Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug 30 13:47:21 EDT 2007 i686 i686 Alert Count 27 First Seen Tue 04 Sep 2007 02:10:10 PM BRT Last Seen Thu 20 Sep 2007 09:57:19 AM BRT Local ID f251d6c3-284b-4cc8-9ea3-eec3053a7039 Line Numbers Raw Audit Messages avc: denied { read } for comm="hald-addon-macb" dev=proc egid=0 euid=0 exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="pci" pid=2623 scontext=system_u:system_r:hald_mac_t:s0 sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:proc_t:s0 tty=(none) uid=0