Red Hat Bugzilla – Bug 158002
actions scripts do not have proper selinux premissions
Last modified: 2007-11-30 17:11:06 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 StumbleUpon/1.9993 Firefox/1.0.4
Description of problem:
I have FC4T3 synced up to the latest dev changes (5/15/05). I'm having trouble with getting acpi actions to work with SElinux enabled. I made a lid event in /etc/acpi/events that invokes a sleep script in /etc/acpi/actions/sleep.sh. The sleep script does a touch /tmp/suspend and then 'echo mem> /sys/power/state'. I set the context to system_u:object_r:etc_t, same as the /etc/acpi/events/sample.conf.
When I close the lid the system doesn't suspend. The /var/logs/acpid says that 'touch: cannot touch '/tmp/suspended': Permission denied' and /etc/acpi/actions/sleep.sh: line 5: /sys/power/state: Permission denied'. The /var/logs/audit/audit.log say 'type=(null) msg=(null)' about 20 times, but no other info.
If I setenforce 0 and close the lid then all works fine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.install sleep.sh action script into /etc/acpi/actions
2.set up lid event to invoke sleep.sh
Actual Results: Computer doesn't suspend because permission is denied
Expected Results: echo to /sys/power/state should succeed and the sustem should suspend
Uli - weren't you seeing this as well?
Dan - I'm assuming this needs fixed in policy, not in acpid itself.
acpi is now allowed to write to /sys/power
Fixed in latest policy selinux-policy-targeted-1.23.15-5