211709 – SELinux prevents hal-system-power-pmu from working on PowerBook

Bug 211709 - SELinux prevents hal-system-power-pmu from working on PowerBook

Summary: SELinux prevents hal-system-power-pmu from working on PowerBook

Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policy
Sub Component:	(Show other bugs)
Version:	rawhide
Hardware:	powerpc Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-10-20 23:45 UTC by Will Woods
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	2.4-3
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-11-27 15:38:20 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
generated hal-pmu.te (176 bytes, text/plain) 2006-10-23 18:03 UTC, Will Woods	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Will Woods 2006-10-20 23:45:16 UTC

type=AVC msg=audit(1161385622.692:33): avc:  denied  { read write } for 
pid=3059 comm="hal-system-powe" name="pmu" dev=tmpfs ino=3662
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:power_device_t:s0 tclass=chr_file

I think this interferes with suspend/resume on the powerbook?

Also, checkmodule isn't working so I can't make a custom policy to fix this. Grr.

Comment 1 Daniel Walsh 2006-10-23 14:21:09 UTC

Fixed in selinux-policy-2.4-3

What is wrong with checkmodule.

Comment 2 Will Woods 2006-10-23 14:38:59 UTC

Probably a separate bug, but:

[root@albook local]#  grep avc /var/log/audit/audit.log | tail -n1  |
audit2allow -M hal-pmu
Generating type enforcment file: hal-pmu.te
Compiling policy
checkmodule -M -m -o hal-pmu.mod hal-pmu.te
/usr/bin/audit2allow: (unknown source)::ERROR 'syntax error' at token 'hal-pmu'
on line 1:


checkmodule:  error(s) encountered while parsing configuration
checkmodule:  loading policy configuration from hal-pmu.te

Comment 3 Daniel Walsh 2006-10-23 16:40:15 UTC

Could you attach hal-pmu.te?

Comment 4 Will Woods 2006-10-23 18:03:21 UTC

Created attachment 139150 [details]
generated hal-pmu.te

Comment 5 Daniel Walsh 2006-10-23 18:20:26 UTC

Looks like you are not allowed to have a "-" in the module name.  Remove this
and you can build the module.

Comment 6 Will Woods 2006-10-23 20:32:58 UTC

That seems to have worked. Is that worth submitting a bug about?

Either way, I guess the original issue is fixed. Thanks!

Comment 7 Daniel Walsh 2006-10-23 20:53:54 UTC

Could you bug policycoreutils so that audit2allow would throw an error if you
give a bad module name.

Comment 8 Will Woods 2006-11-27 15:38:20 UTC

see bug #217369 for that issue.

Note You need to log in before you can comment on or make changes to this bug.