Bug 442130

Summary: SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).
Product: [Fedora] Fedora Reporter: petrosyan
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: davidz, jkubin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-12 03:12:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 235706    

Description petrosyan 2008-04-11 22:25:27 UTC 
Summary:

SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).

Detailed Description:

SELinux denied access requested by polkit-resolve-. It is not expected that this
access is required by polkit-resolve- and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:hald_t:s0
Target Context                system_u:system_r:hald_t:s0
Target Objects                None [ process ]
Source                        polkit-resolve-
Source Path                   /usr/libexec/polkit-resolve-exe-helper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           PolicyKit-0.8-0.git20080404.3.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-33.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.218.rc8.git7.fc9.x86_64 #1 SMP Wed Apr 9
                              19:55:19 EDT 2008 x86_64 x86_64
Alert Count                   2
First Seen                    Fri 11 Apr 2008 06:07:20 PM EDT
Last Seen                     Fri 11 Apr 2008 06:08:54 PM EDT
Local ID                      79da3f26-34b7-4c97-850d-2bad02293d38
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207951734.605:32): avc:  denied 
{ getattr } for  pid=4134 comm="polkit-resolve-"
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=process

host=localhost.localdomain type=SYSCALL msg=audit(1207951734.605:32):
arch=c000003e syscall=0 success=no exit=-13 a0=4 a1=16c82a0 a2=fff a3=0 items=0
ppid=2138 pid=4134 auid=4294967295 uid=0 gid=68 euid=0 suid=0 fsuid=0 egid=68
sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:hald_t:s0
key=(null)
Comment 1 David Zeuthen 2008-04-11 22:39:06 UTC 
Please file SELinux bugs against SELinux; dwalsh is the only one who can fix this.
Comment 2 petrosyan 2008-04-12 03:12:25 UTC 

*** This bug has been marked as a duplicate of 442074 ***