From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060306 Fedora/1.5.0.1-7 Firefox/1.5.0.1 Description of problem: The following audit message are recorded when haldaemon is started. [root@localhost ~]# service haldaemon restart Stopping HAL daemon: [ OK ] Starting HAL daemon: [ OK ] audit2allow recommends: [root@localhost ~]# audit2allow -a allow crond_t self:process { execheap execstack }; allow dmidecode_t tmp_t:file write; allow hald_t usb_device_t:chr_file { ioctl read write }; allow load_policy_t policy_config_t:file write; allow load_policy_t semanage_read_lock_t:file { read write }; allow load_policy_t semanage_trans_lock_t:file { read write }; allow lvm_t self:capability sys_rawio; allow mount_t etc_t:file write; allow ntpd_t hald_t:fd use; allow system_mail_t crond_t:fifo_file getattr; allow unconfined_t self:process execheap; [root@localhost ~]# tail -f /var/log/audit/audit.log type=AVC msg=audit(1141842428.568:29): avc: denied { read write } for pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1141842428.568:29): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87f3e a1=2 a2=1 a3=bfc87f3e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr" type=CWD msg=audit(1141842428.568:29): cwd="/usr/libexec" type=PATH msg=audit(1141842428.568:29): item=0 name="/dev/bus/usb/001/006" flags=101 inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05 type=AVC msg=audit(1141842428.568:30): avc: denied { ioctl } for pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1141842428.568:30): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87f34 a3=bfc87f3e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr" type=AVC_PATH msg=audit(1141842428.568:30): path="/dev/bus/usb/001/006" type=AVC msg=audit(1141842518.619:31): avc: denied { read write } for pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1141842518.619:31): arch=40000003 syscall=5 success=yes exit=5 a0=bfc87e1e a1=2 a2=1 a3=bfc87e1e items=1 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr" type=CWD msg=audit(1141842518.619:31): cwd="/usr/libexec" type=PATH msg=audit(1141842518.619:31): item=0 name="/dev/bus/usb/001/006" flags=101 inode=17771 dev=00:0f mode=020644 ouid=0 ogid=0 rdev=bd:05 type=AVC msg=audit(1141842518.619:32): avc: denied { ioctl } for pid=2787 comm="hald-addon-usb-" name="006" dev=tmpfs ino=17771 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1141842518.619:32): arch=40000003 syscall=54 success=yes exit=0 a0=5 a1=40085511 a2=bfc87e14 a3=bfc87e1e items=0 pid=2787 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald-addon-usb-" exe="/usr/libexec/hald-addon-usb-csr" type=AVC_PATH msg=audit(1141842518.619:32): path="/dev/bus/usb/001/006" Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.23-6, hal-0.5.7-3 How reproducible: Always Steps to Reproduce: 1. tail -f /var/log/audit/audit.log 2. service restart haldaemon 3. Actual Results: avc denied messages Expected Results: clean run Additional info:
Fixed in selinux-policy-targeted-2.2.23-8
The messages no longer appear in today's rawhide (selinux-policy-targeted-2.2.23-11).