Bug 211709 - SELinux prevents hal-system-power-pmu from working on PowerBook
SELinux prevents hal-system-power-pmu from working on PowerBook
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
powerpc Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-10-20 19:45 EDT by Will Woods
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 2.4-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-11-27 10:38:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
generated hal-pmu.te (176 bytes, text/plain)
2006-10-23 14:03 EDT, Will Woods
no flags Details

  None (edit)
Description Will Woods 2006-10-20 19:45:16 EDT
type=AVC msg=audit(1161385622.692:33): avc:  denied  { read write } for 
pid=3059 comm="hal-system-powe" name="pmu" dev=tmpfs ino=3662
tcontext=system_u:object_r:power_device_t:s0 tclass=chr_file

I think this interferes with suspend/resume on the powerbook?

Also, checkmodule isn't working so I can't make a custom policy to fix this. Grr.
Comment 1 Daniel Walsh 2006-10-23 10:21:09 EDT
Fixed in selinux-policy-2.4-3

What is wrong with checkmodule.
Comment 2 Will Woods 2006-10-23 10:38:59 EDT
Probably a separate bug, but:

[root@albook local]#  grep avc /var/log/audit/audit.log | tail -n1  |
audit2allow -M hal-pmu
Generating type enforcment file: hal-pmu.te
Compiling policy
checkmodule -M -m -o hal-pmu.mod hal-pmu.te
/usr/bin/audit2allow: (unknown source)::ERROR 'syntax error' at token 'hal-pmu'
on line 1:

checkmodule:  error(s) encountered while parsing configuration
checkmodule:  loading policy configuration from hal-pmu.te
Comment 3 Daniel Walsh 2006-10-23 12:40:15 EDT
Could you attach hal-pmu.te?
Comment 4 Will Woods 2006-10-23 14:03:21 EDT
Created attachment 139150 [details]
generated hal-pmu.te
Comment 5 Daniel Walsh 2006-10-23 14:20:26 EDT
Looks like you are not allowed to have a "-" in the module name.  Remove this
and you can build the module.
Comment 6 Will Woods 2006-10-23 16:32:58 EDT
That seems to have worked. Is that worth submitting a bug about?

Either way, I guess the original issue is fixed. Thanks!
Comment 7 Daniel Walsh 2006-10-23 16:53:54 EDT
Could you bug policycoreutils so that audit2allow would throw an error if you
give a bad module name.
Comment 8 Will Woods 2006-11-27 10:38:20 EST
see bug #217369 for that issue.

Note You need to log in before you can comment on or make changes to this bug.