# service haldaemon start
Starting HAL daemon: [FAILED]

Feb 14 11:51:47 localhost kernel: audit(1139935907.611:110): avc: denied { setgid } for pid=3337 comm="hald" capability=6 scontext=user_u:system_r:hald_t:s0 tcontext=user_u:system_r:hald_t:s0 tclass=capability

# setenforce 0
# service haldaemon start
Starting HAL daemon: [ OK ]

# audit2allow -l -i /var/log/messages
allow NetworkManager_t etc_t:file unlink;
allow NetworkManager_t kernel_t:fd use;
allow automount_t kernel_t:fd use;
allow avahi_t kernel_t:fd use;
allow consoletype_t ptmx_t:chr_file { read write };
allow cpuspeed_t kernel_t:fd use;
allow cupsd_config_t kernel_t:fd use;
allow cupsd_t kernel_t:fd use;
allow dhcpc_t etc_t:file write;
allow fsadm_t etc_t:file write;
allow fsadm_t kernel_t:fd use;
allow getty_t kernel_t:fd use;
allow gpm_t kernel_t:fd use;
allow hald_t self:capability setgid;
allow hald_t kernel_t:fd use;
allow hostname_t kernel_t:fd use;
allow hwclock_t kernel_t:fd use;
allow ifconfig_t ptmx_t:chr_file { read write };
allow irqbalance_t kernel_t:fd use;
allow klogd_t kernel_t:fd use;
allow mount_t etc_t:file write;
allow mount_t kernel_t:fd use;
allow netutils_t kernel_t:fd use;
allow pam_console_t ptmx_t:chr_file { read write };
allow portmap_t kernel_t:fd use;
allow readahead_t kernel_t:fd use;
allow restorecon_t ptmx_t:chr_file { read write };
allow rpcd_t kernel_t:fd use;
allow syslogd_t kernel_t:fd use;
allow system_dbusd_t kernel_t:fd use;
allow unconfined_t self:process execstack;
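How the denial in the report above corresponds to the `allow hald_t self:capability setgid;` line in the audit2allow output, as an added example that is not part of the original report and not audit2allow's own code. The function names and the merging behaviour are assumptions made for illustration; the sample line is constructed from the denial quoted in the report.

```python
import re

# Constructed from the denial quoted in the report above (same fields, one line).
SAMPLE = ('Feb 14 11:51:47 localhost kernel: audit(1139935907.611:110): avc: denied '
          '{ setgid } for pid=3337 comm="hald" capability=6 '
          'scontext=user_u:system_r:hald_t:s0 tcontext=user_u:system_r:hald_t:s0 '
          'tclass=capability')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')))
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', '').strip('"'),
        # A context is user:role:type[:level]; the type is the third field.
        'source': fields['scontext'].split(':')[2],
        'target': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }

def to_allow_rules(lines):
    """Merge denials per (source, target, class) and render them as allow rules."""
    merged = {}
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        # A domain acting on itself is written as "self" in policy rules.
        target = 'self' if d['target'] == d['source'] else d['target']
        merged.setdefault((d['source'], target, d['tclass']), set()).update(d['perms'])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {perm_text};')
    return rules

if __name__ == '__main__':
    for rule in to_allow_rules([SAMPLE]):
        print(rule)
```

Reading the rule this way shows exactly which permission a proposed policy change would grant before it is accepted.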
This is due to the latest HAL dropping privileges and using a helper daemon to execute scripts that need access to root. David, can you elaborate?
Can't we give me a heads up before these things hit rawhide? Please check your code with selinux in enforcing mode before building into rawhide.

Fixed in selinux-policy-2.2.15-1

Dan
Works for me
Yep, works for me too. And you've gotta love that 18 minute turnaround.
*** Bug 181542 has been marked as a duplicate of this bug. ***
*** Bug 181522 has been marked as a duplicate of this bug. ***