Bug 549253

Summary: nm-applet fails to start due to dbus policy issue
Product: [Fedora] Fedora Reporter: Dawid Zamirski <dzrudy>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 12CC: bugzilla-redhat, dcbw, dwalsh, elcuco, h.pillay, marco.hartgring, mgrepl, misek, ploujj, samuel-rhbugs, voas0113, walters
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-10 21:27:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
audit.log, permissive mode. none

Description Dawid Zamirski 2009-12-21 03:59:52 UTC 
Description of problem:
The NetworkManager applet does not start at all. Attempting to start it manually from terminal (as non-root user) results in the following:

[maners@phenom ~]$ nm-applet --sm-disable

** (nm-applet:20560): WARNING **: <WARN>  request_name(): Could not acquire the NetworkManagerUserSettings service.
  Error: (9) Connection ":1.137" is not allowed to own the service "org.freedesktop.NetworkManagerUserSettings" due to security policies in the configuration file


Version-Release number of selected component (if applicable):
[root@phenom system.d]# rpm -qa | grep -i NetworkManager
NetworkManager-vpnc-0.7.996-4.git20090921.fc12.x86_64
NetworkManager-0.7.996-7.git20091113.fc12.x86_64
NetworkManager-glib-0.7.996-7.git20091113.fc12.x86_64
NetworkManager-pptp-0.7.996-4.git20090921.fc12.x86_64
NetworkManager-openvpn-0.7.996-4.git20090923.fc12.x86_64
NetworkManager-gnome-0.7.996-7.git20091113.fc12.x86_64


How reproducible:
Always

Steps to Reproduce:
1. login to gnome session - no nm-applet
2. trying to start it manually from terminal results in security policy error message
  
Actual results:
nm-applet fails to start

Expected results:
nm-applet should start upon login to the desktop

Additional info:

[root@phenom system.d]# cat nm-applet.conf 
<!DOCTYPE busconfig PUBLIC
 "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
	<!--
	     WARNING: if running any D-Bus version prior to 1.2.6, you may be
	     vulnerable to information leakage via the NM D-Bus interface.
	     Previous D-Bus versions did not deny-by-default, and this permissions
	     config file assumes that D-Bus will deny rules by default unless
	     explicitly over-ridden with an <allow /> tag.
	 -->

        <policy user="root">
                <allow own="org.freedesktop.NetworkManagerUserSettings"/>

                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.NetworkManagerSettings"/>

                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>

                <!-- Only root can get secrets -->
                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
        </policy>
        <policy at_console="true">
                <allow own="org.freedesktop.NetworkManagerUserSettings"/>

                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.NetworkManagerSettings"/>

                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
        </policy>
        <policy context="default">
                <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
                       send_interface="org.freedesktop.DBus.Introspectable"/>
        </policy>

        <limit name="max_replies_per_connection">512</limit>
</busconfig>
Comment 1 elcuco 2009-12-21 21:58:53 UTC 
Disabling selinux fixed the problem... well at last I can run NetworkManager. There is a real problem with selinux as which started with the update I did today.

Dec 21 20:20:27 Updated: selinux-policy-3.6.32-56.fc12.noarch
Dec 21 20:21:40 Updated: selinux-policy-targeted-3.6.32-56.fc12.noarch
Comment 2 Dawid Zamirski 2009-12-22 01:51:39 UTC 
Indeed, disabling selinux and reboot solved the issue for me as well.
Comment 3 elcuco 2009-12-22 16:28:45 UTC 
Check if this fixes also 549254. It fixed for me.
Comment 4 Dawid Zamirski 2009-12-28 14:59:40 UTC 
(In reply to comment #3)
> Check if this fixes also 549254. It fixed for me.  

Nope, I didn't do the trick for 549254. Only nm-applet started to work gain with SELinux turned off (also confirmed on my friend's system).
Comment 5 Daniel Walsh 2009-12-31 13:35:10 UTC 
What AVC messages were you seeing?

Could you attach the audit.log?


You should just put the machine in permissive mode to gather the data.


Please try 
# yum update selinux-policy-targeted --enablerepo=updates-testing
# restorecon -R -v /var/lib

I know that networkmanager added a new directory under /var/lib that could cause problems.
Comment 6 Juha Sahakangas 2010-01-09 18:20:59 UTC 
Created attachment 382686 [details]
audit.log, permissive mode.

I don't think this has anything to do with the network manager files, rather the at_console="true" requirement in the dbus config file is not fulfilled. /var/run/console/$USER seems to be missing, though I'm not sure if that's even supposed to be required any more or if consolekit should handle that directly. Either way, logging in at text console before X creates that file and "fixes" the problem. As well as 549254, and a similar issue I had with bluetooth applet.

PolicyKit issue?
Comment 7 Juha Sahakangas 2010-01-09 18:21:25 UTC 
s/Policy/Console/
Comment 8 Daniel Walsh 2010-01-11 14:18:30 UTC 
Ok, you still have not reported an SELinux avc message,  Please update to the latest policy

# yum update selinux-policy-targeted --enablerepo=updates-testing

And make sure you have your labelling correct.

# fixfiles restore

Now check if SELinux is still causing problems.
Comment 9 Michael Ploujnikov 2010-01-24 03:31:16 UTC 
This is a rather sever problem for laptop users and should be fixed as soon as possible.
Comment 10 Michael Ploujnikov 2010-01-24 04:36:41 UTC 
This is most likely not a selinux problem since I don't see any thing relevant in my /var/log/audit/audit.log.

I thought that a change in dbus configuration files caused this, but I might be wrong. /etc/dbus-1/system.d/NetworkManager.conf belongs to the NetworkManager package and doesn't seem to have changed much for a while (http://cgit.freedesktop.org/NetworkManager/NetworkManager/log/src/NetworkManager.conf). /etc/dbus-1/system.d/nm-applet.conf, which belongs to the NetworkManager-gnome package also hasn't changed in the last update.
Comment 11 Michael Ploujnikov 2010-01-24 05:07:54 UTC 
Actually, I might be wrong about this not being a selinux problem also. I just wasn't seeing any selinux denials because the selinux applet was actually not running. When I put selinux into permissive mode, logged out and logged back into kde4 nm-applet started to work again.

Strangely,  I don't see any today's denials related to nm-applet or to NM. The last NM denial on my system is the same as in #537745.
Comment 12 Daniel Walsh 2010-01-25 17:42:24 UTC 
Michael is your /var/lib/NetworkManager labeled correctly?
Comment 13 Michael Ploujnikov 2010-01-25 18:11:25 UTC 
Yes. 'restorecon -rv /var/lib' was one of the commands I ran before commenting on this bug.
Comment 14 Daniel Walsh 2010-01-25 19:01:23 UTC 
Well open another bugzilla, since yours seems to have nothing to do with this bug.
Comment 15 Michael Ploujnikov 2010-01-25 19:35:03 UTC 
I'm not sure how to best say this without adding more confusion to the conversation, but I think that I'm experiencing exactly what the original reporter (Dawid Zamirski) experienced.

For me, disabling selinux does seem to allow nm-applet to run. However, I don't see any AVC/denial messages in audit.log. Also, like Juha Sahakangas mentioned, I did not have /var/run/console/$USER (or anything in that dir for that matter) until I put selinux into permissive mode. Maybe that is the cause of this problem?
Comment 16 Daniel Walsh 2010-01-25 19:42:23 UTC 
If you remove the entry and run 

semodule -DB

Do you see any avc messages concerning consolekit?

semodule -B 
Turns the dontaudit rules back on.
Comment 17 Michael Ploujnikov 2010-01-25 19:50:19 UTC 
Sorry, what entry do you mean? Are you talking about the /var/run/console/$USER file?
Comment 18 Daniel Walsh 2010-01-25 19:59:36 UTC 
Yes
Comment 19 Michael Ploujnikov 2010-01-26 00:10:24 UTC 
I think that messing around with semodule inadvertently fixed the problem because now /var/run/console/ gets populated when I login and nm-applet (and others like seapplet) now run properly again. Therefore I might not be a good tester for this bug anymore. I'll try to post the interesting AVC denials anyways.


Summary:

SELinux is preventing /lib/udev/udev-acl "rlimitinh" access.

Detailed Description:

[udev-acl.ck has a permissive type (consolekit_t). This access was not denied.]

SELinux denied access requested by udev-acl.ck. It is not expected that this
access is required by udev-acl.ck and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context                system_u:system_r:udev_t:s0-s0:c0.c1023
Target Objects                None [ process ]
Source                        udev-acl.ck
Source Path                   /lib/udev/udev-acl
Port                          <Unknown>
Host                          durandal
Source RPM Packages           udev-145-14.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-69.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     durandal
Platform                      Linux durandal 2.6.31.12-174.2.3.fc12.x86_64 #1
                              SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64
Alert Count                   33
First Seen                    Mon 25 Jan 2010 06:02:16 PM EST
Last Seen                     Mon 25 Jan 2010 06:18:08 PM EST
Local ID                      d97a9414-1f21-40a8-a796-87a185abb4e8
Line Numbers                  

Raw Audit Messages            

node=durandal type=AVC msg=audit(1264461488.966:2733): avc:  denied  { rlimitinh } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process

node=durandal type=AVC msg=audit(1264461488.966:2733): avc:  denied  { siginh } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process

node=durandal type=AVC msg=audit(1264461488.966:2733): avc:  denied  { noatsecure } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process

node=durandal type=SYSCALL msg=audit(1264461488.966:2733): arch=c000003e syscall=59 success=yes exit=0 a0=a1ef50 a1=7fff1ef8cf20 a2=a24ab0 a3=7fff1ef8c9e0 items=0 ppid=2172 pid=18050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing /usr/libexec/nm-dispatcher.action "rlimitinh" access.

Detailed Description:

[nm-dispatcher.a has a permissive type (system_dbusd_t). This access was not
denied.]

SELinux denied access requested by nm-dispatcher.a. It is not expected that this
access is required by nm-dispatcher.a and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
Target Context                system_u:system_r:initrc_t:s0
Target Objects                None [ process ]
Source                        nm-dispatcher.a
Source Path                   /usr/libexec/nm-dispatcher.action
Port                          <Unknown>
Host                          durandal
Source RPM Packages           NetworkManager-0.7.997-2.git20091214.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-69.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     durandal
Platform                      Linux durandal 2.6.31.12-174.2.3.fc12.x86_64 #1
                              SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64
Alert Count                   9
First Seen                    Mon 25 Jan 2010 06:12:59 PM EST
Last Seen                     Mon 25 Jan 2010 06:17:47 PM EST
Local ID                      de666fa9-f8a8-406a-9670-01234dcd230a
Line Numbers                  

Raw Audit Messages            

node=durandal type=AVC msg=audit(1264461467.145:2559): avc:  denied  { rlimitinh } for  pid=17958 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=durandal type=AVC msg=audit(1264461467.145:2559): avc:  denied  { siginh } for  pid=17958 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=durandal type=AVC msg=audit(1264461467.145:2559): avc:  denied  { noatsecure } for  pid=17958 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=process

node=durandal type=SYSCALL msg=audit(1264461467.145:2559): arch=c000003e syscall=59 success=yes exit=0 a0=1a13930 a1=1a13760 a2=1a12010 a3=6f697463612e7265 items=0 ppid=17957 pid=17958 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-dispatcher.a" exe="/usr/libexec/nm-dispatcher.action" subj=system_u:system_r:initrc_t:s0 key=(null)
Comment 20 Michael Ploujnikov 2010-01-26 00:34:18 UTC 
I've actually run into this problem again after rebooting my laptop so I guess the problem didn't go away just yet.
Comment 21 Daniel Walsh 2010-01-26 20:31:09 UTC 
Any other avcs about consolekit?
Comment 22 Michael Ploujnikov 2010-01-26 20:50:35 UTC 
I actually seem to have a lot of denials mentioning console kit:

# grep -i consolekit /var/log/audit/audit.log*|sort|uniq
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460275.369:638): avc:  denied  { noatsecure } for  pid=14021 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460275.369:638): avc:  denied  { rlimitinh } for  pid=14021 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460275.369:638): avc:  denied  { siginh } for  pid=14021 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460307.916:654): avc:  denied  { noatsecure } for  pid=14051 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460307.916:654): avc:  denied  { rlimitinh } for  pid=14051 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460307.916:654): avc:  denied  { siginh } for  pid=14051 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460311.140:686): avc:  denied  { noatsecure } for  pid=14065 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460311.140:686): avc:  denied  { rlimitinh } for  pid=14065 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460311.140:686): avc:  denied  { siginh } for  pid=14065 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460444.350:1018): avc:  denied  { noatsecure } for  pid=14718 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460444.350:1018): avc:  denied  { rlimitinh } for  pid=14718 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460444.350:1018): avc:  denied  { siginh } for  pid=14718 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460484.498:1049): avc:  denied  { noatsecure } for  pid=14758 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460484.498:1049): avc:  denied  { rlimitinh } for  pid=14758 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460484.498:1049): avc:  denied  { siginh } for  pid=14758 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460496.847:1076): avc:  denied  { noatsecure } for  pid=14921 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460496.847:1076): avc:  denied  { rlimitinh } for  pid=14921 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.1:type=AVC msg=audit(1264460496.847:1076): avc:  denied  { siginh } for  pid=14921 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { noatsecure } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { rlimitinh } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { siginh } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { noatsecure } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { rlimitinh } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { siginh } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { noatsecure } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { rlimitinh } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { siginh } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { noatsecure } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { rlimitinh } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { siginh } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { noatsecure } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { rlimitinh } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { siginh } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { noatsecure } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { rlimitinh } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.2:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { siginh } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { noatsecure } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { rlimitinh } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264460536.625:1813): avc:  denied  { siginh } for  pid=15116 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { noatsecure } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { rlimitinh } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461164.664:1879): avc:  denied  { siginh } for  pid=16283 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { noatsecure } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { rlimitinh } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461168.005:1914): avc:  denied  { siginh } for  pid=16292 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { noatsecure } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { rlimitinh } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461180.187:2097): avc:  denied  { siginh } for  pid=16928 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { noatsecure } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { rlimitinh } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461388.663:2246): avc:  denied  { siginh } for  pid=17085 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { noatsecure } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { rlimitinh } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461401.289:2264): avc:  denied  { siginh } for  pid=17301 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461452.771:2339): avc:  denied  { noatsecure } for  pid=17367 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461452.771:2339): avc:  denied  { rlimitinh } for  pid=17367 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461452.771:2339): avc:  denied  { siginh } for  pid=17367 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461455.274:2377): avc:  denied  { noatsecure } for  pid=17381 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461455.274:2377): avc:  denied  { rlimitinh } for  pid=17381 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461455.274:2377): avc:  denied  { siginh } for  pid=17381 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461472.191:2686): avc:  denied  { noatsecure } for  pid=18012 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461472.191:2686): avc:  denied  { rlimitinh } for  pid=18012 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461472.191:2686): avc:  denied  { siginh } for  pid=18012 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461485.574:2708): avc:  denied  { noatsecure } for  pid=18024 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461485.574:2708): avc:  denied  { rlimitinh } for  pid=18024 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461485.574:2708): avc:  denied  { siginh } for  pid=18024 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461488.966:2733): avc:  denied  { noatsecure } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461488.966:2733): avc:  denied  { rlimitinh } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264461488.966:2733): avc:  denied  { siginh } for  pid=18050 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264465185.855:80): avc:  denied  { noatsecure } for  pid=2826 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264465185.855:80): avc:  denied  { rlimitinh } for  pid=2826 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log.3:type=AVC msg=audit(1264465185.855:80): avc:  denied  { siginh } for  pid=2826 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.292:36): avc:  denied  { noatsecure } for  pid=1266 comm="console-kit-dae" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.292:36): avc:  denied  { rlimitinh } for  pid=1266 comm="console-kit-dae" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.292:36): avc:  denied  { siginh } for  pid=1266 comm="console-kit-dae" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.347:37): avc:  denied  { noatsecure } for  pid=1329 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.347:37): avc:  denied  { rlimitinh } for  pid=1329 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465275.347:37): avc:  denied  { siginh } for  pid=1329 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465397.004:981): avc:  denied  { noatsecure } for  pid=2015 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465397.004:981): avc:  denied  { rlimitinh } for  pid=2015 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465397.004:981): avc:  denied  { siginh } for  pid=2015 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465425.562:1183): avc:  denied  { noatsecure } for  pid=2108 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465425.562:1183): avc:  denied  { rlimitinh } for  pid=2108 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465425.562:1183): avc:  denied  { siginh } for  pid=2108 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465428.150:1215): avc:  denied  { noatsecure } for  pid=2122 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465428.150:1215): avc:  denied  { rlimitinh } for  pid=2122 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465428.150:1215): avc:  denied  { siginh } for  pid=2122 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465576.559:1511): avc:  denied  { noatsecure } for  pid=2686 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465576.559:1511): avc:  denied  { rlimitinh } for  pid=2686 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465576.559:1511): avc:  denied  { siginh } for  pid=2686 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465580.327:1536): avc:  denied  { noatsecure } for  pid=2704 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465580.327:1536): avc:  denied  { rlimitinh } for  pid=2704 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465580.327:1536): avc:  denied  { siginh } for  pid=2704 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465591.122:1562): avc:  denied  { noatsecure } for  pid=2811 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465591.122:1562): avc:  denied  { rlimitinh } for  pid=2811 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465591.122:1562): avc:  denied  { siginh } for  pid=2811 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465593.593:1649): avc:  denied  { noatsecure } for  pid=2848 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465593.593:1649): avc:  denied  { rlimitinh } for  pid=2848 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=AVC msg=audit(1264465593.593:1649): avc:  denied  { siginh } for  pid=2848 comm="udev-acl.ck" scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
/var/log/audit/audit.log:type=SYSCALL msg=audit(1264465275.292:36): arch=c000003e syscall=59 success=yes exit=0 a0=17c0980 a1=17c0910 a2=17bf010 a3=c items=0 ppid=1265 pid=1266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)

Let me know which ones you would like to see. Previously, I was just looking through the summaries in sealert.
Comment 23 Daniel Walsh 2010-01-27 15:45:56 UTC 
I don't believe any of these are causing the problem,

 audit2allow -i  /tmp/t1


#============= consolekit_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow consolekit_t udev_t:process { siginh noatsecure rlimitinh };

#============= system_dbusd_t ==============
#!!!! This avc has a dontaudit rule in the current policy

allow system_dbusd_t consolekit_t:process { siginh noatsecure rlimitinh };


But, you could install a custom policy module to see if this fixes the problem.

# grep consolekit /var/log/audit/audit.log | audit2allow -M myconsolekit
# semodule -i myconsolekit.pp
# semodule -B
Comment 24 Harish Pillay 2010-02-13 10:24:32 UTC 
I have experienced the same problem on my F12 32-bit machine. I had to do the following (from hints from http://bbs.archlinux.org/viewtopic.php?id=63576):

In etc/dbus-1/system.d/nm-applet.conf, I had to add the following for my userid:

<!-- harish's hack -->
    <policy user="harish">
        <allow own="org.freedesktop.NetworkManagerUserSettings"/>
        <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
        <allow send_interface="org.freedesktop.NetworkManagerUserSettings"/>

        <deny send_interface="org.freedesktop.NetworkManagerSetting.Secrets"/>
    </policy>
<!-- end of harish's hack -->

I am using the "user" setting and not a group as suggested in the URL above as I do not want to create a non-standard group for this purpose.  Suffice that my immediate problem is solved.

Posted to http://harishpillay.livejournal.com/170770.html as well.

Thanks
Comment 25 Harish Pillay 2010-02-13 10:48:48 UTC 
polkit-0.95-0.git20090913.6.fc12.i686
polkit-gnome-0.95-0.git20090913.3.fc12.i686
polkit-desktop-policy-0.95-0.git20090913.3.fc12.noarch

are the policy kit versions.
Comment 26 Colin Walters 2010-02-13 13:09:21 UTC 
PolicyKit isn't involved here I'm fairly sure.  More relevant are the versions of dbus, NetworkManager, and ConsoleKit, and what login manager is being used (not using gdm is a bad idea).  The root cause of this is likely the file not being written to /var/run/console directory correctly.
Comment 27 Harish Pillay 2010-02-13 16:03:06 UTC 
OK.  Here are the relevant versions:

$ rpm -qa| grep dbus
dbus-python-0.83.0-6.fc12.i686
python-slip-dbus-0.2.7-1.fc12.noarch
eggdbus-0.5-2.i686
dbus-1.2.16-9.fc12.i686
dbus-x11-1.2.16-9.fc12.i686
dbus-libs-1.2.16-9.fc12.i686
dbus-c++-0.5.0-0.10.20090203git13281b3.fc12.i686
dbus-glib-0.82-2.fc12.i686

$ rpm -qa| grep NetworkManager
NetworkManager-openvpn-0.7.996-4.git20090923.fc12.i686
NetworkManager-pptp-0.7.996-4.git20090921.fc12.i686
NetworkManager-gnome-0.7.997-2.git20091214.fc12.i686
NetworkManager-0.7.997-2.git20091214.fc12.i686
NetworkManager-vpnc-0.7.996-4.git20090921.fc12.i686
NetworkManager-glib-0.7.997-2.git20091214.fc12.i686

$ rpm -qa| grep ConsoleKit
ConsoleKit-libs-0.4.1-3.fc12.i686
ConsoleKit-x11-0.4.1-3.fc12.i686
ConsoleKit-0.4.1-3.fc12.i686
[ajay@acer ~]$ rpm -qa| grep gdm
pulseaudio-gdm-hooks-0.9.21-4.fc12.i686
plymouth-gdm-hooks-0.8.0-0.2009.29.09.19.3.fc12.i686
gdm-plugin-fingerprint-2.28.2-1.fc12.i686
gdm-user-switch-applet-2.28.2-1.fc12.i686
gdm-2.28.2-1.fc12.i686

Harish
Comment 28 Kevin Kofler 2010-02-14 23:52:49 UTC 
Most likely a duplicate of bug 499183.
Comment 29 Dan Williams 2010-02-16 03:16:04 UTC 
Harish, are you logging into this system remotely using NX or something?
Comment 30 Harish Pillay 2010-02-16 05:13:37 UTC 
No, I am not logging in remotely. It is from the console.  However, yes, I do have freenx installed.  I just stopped freenx and relogged in as a user who is not defined in the nm-applet.conf file and that user does not have nm-applet running.

I have now uninstalled freenx (and nx) from the machine and logged in via the same userID that failed, and it does not seem to make a difference.

Harish
Comment 31 Juha Sahakangas 2010-03-10 19:33:41 UTC 
Yes, it's freenx problem. And having it installed is enough if the service is set up to autostart. There's "mkdir -m1777 /tmp/.X11-unix/" in /etc/init.d/freenx-server, and the directory it creates gets initscripts' selinux context rather than xserver_tmp.
Comment 32 Daniel Walsh 2010-03-10 21:27:26 UTC 

*** This bug has been marked as a duplicate of bug 499183 ***