Description of problem: Recent versions of NetworkManager use dbus signals to control actions related to suspend/resume (among others). The suspend script runs without error when executed from the command line, but produces these errors when invoked by pressing the suspend key. On suspend, /var/log/debug reports: Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus On resume, /var/log/debug reports: Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC pid=2180 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239 scontext=system_u:system_r:apmd_t tcontext=system_u:system_r:NetworkManager_t tclass=dbus No messages appear in /var/log/audit/audit.log. The relevant section of the suspend script is: /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.sleep sync echo -n "mem" > /sys/power/state /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \ --type=method_call /org/freedesktop/NetworkManager \ org.freedesktop.NetworkManager.wake Version-Release number of selected component (if applicable): selinux-policy-targeted-1.27.1-2.7 How reproducible: Always Steps to Reproduce: 1. Run NetworkManager 2. Suspend via acpid (close lid or press sleep button) 3. Resume Actual results: As described above. NM is confused if suspended and resumed in different locations, attempts to connect to old WAP, which is no longer accessible. Expected results: No errors. NM takes actions specified for suspend/resume. In particular, drops memory of scanned netowrks on suspend and initiates fresh scan on resume. Additional info:
This seems to be working now as of selinux-policy-targeted-1.27.1-2.11.
No, I was wrong. I am seeing these messages with kernel-2.6.14-1.1637_FC4.
Looks like the fix is in selinux-policy-targeted-1.27.1-2.14, unless you are seeing other AVC messages?
Well, now that you mention it, I still have this in audit.log: type=AVC msg=audit(1133557214.518:354): avc: denied { execute } for pid=28915 comm="ifdown" name="functions" dev=dm-0 ino=16571 scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t tclass=file NetworkManager suspend/resume does seem to function, however.
Not that it's unexpected, but I'm still seeing this with selinux-policy-targeted-1.27.1-2.16.
Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed