Hide Forgot
type=AVC msg=audit(1161385622.692:33): avc: denied { read write } for pid=3059 comm="hal-system-powe" name="pmu" dev=tmpfs ino=3662 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:power_device_t:s0 tclass=chr_file I think this interferes with suspend/resume on the powerbook? Also, checkmodule isn't working so I can't make a custom policy to fix this. Grr.
Fixed in selinux-policy-2.4-3 What is wrong with checkmodule.
Probably a separate bug, but: [root@albook local]# grep avc /var/log/audit/audit.log | tail -n1 | audit2allow -M hal-pmu Generating type enforcment file: hal-pmu.te Compiling policy checkmodule -M -m -o hal-pmu.mod hal-pmu.te /usr/bin/audit2allow: (unknown source)::ERROR 'syntax error' at token 'hal-pmu' on line 1: checkmodule: error(s) encountered while parsing configuration checkmodule: loading policy configuration from hal-pmu.te
Could you attach hal-pmu.te?
Created attachment 139150 [details] generated hal-pmu.te
Looks like you are not allowed to have a "-" in the module name. Remove this and you can build the module.
That seems to have worked. Is that worth submitting a bug about? Either way, I guess the original issue is fixed. Thanks!
Could you bug policycoreutils so that audit2allow would throw an error if you give a bad module name.
see bug #217369 for that issue.