Bug 211709 - SELinux prevents hal-system-power-pmu from working on PowerBook
Summary: SELinux prevents hal-system-power-pmu from working on PowerBook
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: rawhide
Hardware: powerpc
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2006-10-20 23:45 UTC by Will Woods
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2006-11-27 15:38:20 UTC

Attachments (Terms of Use)
generated hal-pmu.te (176 bytes, text/plain)
2006-10-23 18:03 UTC, Will Woods
no flags Details

Description Will Woods 2006-10-20 23:45:16 UTC
type=AVC msg=audit(1161385622.692:33): avc:  denied  { read write } for 
pid=3059 comm="hal-system-powe" name="pmu" dev=tmpfs ino=3662
tcontext=system_u:object_r:power_device_t:s0 tclass=chr_file

I think this interferes with suspend/resume on the powerbook?

Also, checkmodule isn't working so I can't make a custom policy to fix this. Grr.

Comment 1 Daniel Walsh 2006-10-23 14:21:09 UTC
Fixed in selinux-policy-2.4-3

What is wrong with checkmodule.

Comment 2 Will Woods 2006-10-23 14:38:59 UTC
Probably a separate bug, but:

[root@albook local]#  grep avc /var/log/audit/audit.log | tail -n1  |
audit2allow -M hal-pmu
Generating type enforcment file: hal-pmu.te
Compiling policy
checkmodule -M -m -o hal-pmu.mod hal-pmu.te
/usr/bin/audit2allow: (unknown source)::ERROR 'syntax error' at token 'hal-pmu'
on line 1:

checkmodule:  error(s) encountered while parsing configuration
checkmodule:  loading policy configuration from hal-pmu.te

Comment 3 Daniel Walsh 2006-10-23 16:40:15 UTC
Could you attach hal-pmu.te?

Comment 4 Will Woods 2006-10-23 18:03:21 UTC
Created attachment 139150 [details]
generated hal-pmu.te

Comment 5 Daniel Walsh 2006-10-23 18:20:26 UTC
Looks like you are not allowed to have a "-" in the module name.  Remove this
and you can build the module.

Comment 6 Will Woods 2006-10-23 20:32:58 UTC
That seems to have worked. Is that worth submitting a bug about?

Either way, I guess the original issue is fixed. Thanks!

Comment 7 Daniel Walsh 2006-10-23 20:53:54 UTC
Could you bug policycoreutils so that audit2allow would throw an error if you
give a bad module name.

Comment 8 Will Woods 2006-11-27 15:38:20 UTC
see bug #217369 for that issue.

Note You need to log in before you can comment on or make changes to this bug.