Bug 393601
| Summary: | pm-suspend selinux preventing setsched | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Douglas Campbell <doug.campbell> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 7 | CC: | bugzilla.redhat.com, kyrsjo, opensource |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-12-31 13:41:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I just started getting these errors after pup updates today. One of these rpms triggered the problem: openldap-2.3.34-4.fc7.i386.rpm tetex-fonts-3.0-40.3.fc7.i386.rpm sip-4.7.1-2.fc7.i386.rpm cups-libs-1.2.12-8.fc7.i386.rpm net-snmp-libs-5.4-16.fc7.i386.rpm kdenetwork-3.5.8-9.fc7.i386.rpm tetex-dvips-3.0-40.3.fc7.i386.rpm tetex-3.0-40.3.fc7.i386.rpm PyQt-3.17.3-3.fc7.i386.rpm kdegames-3.5.8-4.fc7.i386.rpm kpowersave-0.7.3-1.fc7.i386.rpm net-snmp-5.4-16.fc7.i386.rpm cups-1.2.12-8.fc7.i386.rpm openldap-clients-2.3.34-4.fc7.i386.rpm sdparm-1.02-1.fc7.i386.rpm kvm-36-7.fc7.i386.rpm sip-devel-4.7.1-2.fc7.i386.rpm tetex-latex-3.0-40.3.fc7.i386.rpm kdenetwork-devel-3.5.8-9.fc7.i386.rpm openldap-devel-2.3.34-4.fc7.i386.rpm PyQt-devel-3.17.3-3.fc7.i386.rpm The alert is happening every time I suspend my laptop. Does this mean that the CPU is not going into low-power mode? *** Bug 410341 has been marked as a duplicate of this bug. *** The selinux masters need to take a look at this, therefore I reassign it to selinux-policy. fixed in selinux-policy-2.6.4-65 |
Description of problem: Upon suspend, pm-suspend gets selinux error Version-Release number of selected component (if applicable): How reproducible: This is the first time in 6-8 suspends. Steps to Reproduce: 1. Select system/suspend while nonprivileged user 2. resume from suspend (in my case, by opening lid of laptop). 2. 3. Actual results: selinux troubleshooting indicates following error: Summary SELinux is preventing pm-suspend (hald_t) "setsched" to <Unknown> (kernel_t). Detailed Description SELinux denied access requested by pm-suspend. It is not expected that this access is required by pm-suspend and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:hald_t Target Context system_u:system_r:kernel_t Target Objects None [ process ] Affected RPM Packages Policy RPM selinux-policy-2.6.4-49.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name ferret Platform Linux ferret 2.6.23.1-21.fc7 #1 SMP Thu Nov 1 20:28:15 EDT 2007 x86_64 x86_64 Alert Count 11 First Seen Sun 04 Nov 2007 09:18:55 PM EST Last Seen Mon 19 Nov 2007 10:44:57 PM EST Local ID a47ef03b-b7b5-4943-b2f7-5364b4491dee Line Numbers Raw Audit Messages avc: denied { setsched } for comm="pm-suspend" egid=0 euid=0 exe="/bin/bash" exit=3 fsgid=0 fsuid=0 gid=0 items=0 pid=4468 scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0 suid=0 tclass=process tcontext=system_u:system_r:kernel_t:s0 tty=(none) uid=0 Expected results: normal resumption without above error Additional info: