Hide Forgot
Description of problem: type=USER_AVC msg=audit(1457620723.473:779): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=n/a uid=0 gid=0 path="/usr/lib/systemd/system/poweroff.target" cmdline="/sbin/poweroff" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:power_unit_file_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' I suspect this interferes with kdm's shutdown ability, but haven't tested. See also bug #951039 Version-Release number of selected component (if applicable): selinux-policy-3.13.1-60.el7_2.3.noarch
Orion, could test a local policy to see if you are able to do shutdown? --- policy_module(myxdm, 1.0) require { type xdm_t; } #============= xdm_t ============== systemd_status_power_services(xdm_t) --- # make -f /usr/share/selinux/devel/Makefile myxdm.pp # semodule -i myxdm.pp
So it turns out that it doesn't prevent kdm from being able to do a shutdown, so not a real problem. Addid myxdm does remove the denial though.
Are you getting any AVCs?
Not after adding myxdm.pp.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2283.html