Bug 216237 - Suspend and Hibernate conflicting with SELinux
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted
Version: 5.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Daniel Walsh
 
Reported: 2006-11-17 22:05 UTC by Daniel Riek
Modified: 2007-11-30 22:07 UTC

Fixed In Version: 5.0.0
Doc Type: Bug Fix
Last Closed: 2006-12-19 13:59:17 UTC

Description Daniel Riek 2006-11-17 22:05:15 UTC
With selinux-policy-targeted-2.4.4-2 and gnome-power-manager-2.16.0-6.el5
suspend is prevented by SELinux.

type=AVC msg=audit(1163798430.914:222): avc:  denied  { write } for  pid=30943
comm="touch" name="hal" dev=dm-0 ino=2060499
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
type=AVC msg=audit(1163798430.914:222): avc:  denied  { add_name } for 
pid=30943 comm="touch" name="system-power-suspend-output"
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
type=AVC msg=audit(1163798430.914:222): avc:  denied  { create } for  pid=30943
comm="touch" name="system-power-suspend-output"
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798430.914:222): arch=40000003 syscall=5 success=yes
exit=0 a0=bfb5b689 a1=8941 a2=1b6 a3=8941 items=0 ppid=30931 pid=30943
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="touch" exe="/bin/touch" subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1163798430.916:223): avc:  denied  { write } for  pid=30943
comm="touch" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798430.916:223): arch=40000003 syscall=271
success=yes exit=0 a0=bfb59e64 a1=0 a2=456e6ff4 a3=0 items=0 ppid=30931
pid=30943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="touch" exe="/bin/touch"
subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1163798430.918:224): avc:  denied  { getattr } for  pid=30944
comm="chmod" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798430.918:224): arch=40000003 syscall=195
success=yes exit=0 a0=83f42dc a1=83f427c a2=456e6ff4 a3=83f4240 items=0
ppid=30931 pid=30944 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="chmod" exe="/bin/chmod"
subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC_PATH msg=audit(1163798430.918:224): 
path="/var/lib/hal/system-power-suspend-output"
type=AVC msg=audit(1163798430.918:225): avc:  denied  { setattr } for  pid=30944
comm="chmod" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798430.918:225): arch=40000003 syscall=15 success=yes
exit=0 a0=83f3090 a1=1a4 a2=8051594 a3=0 items=0 ppid=30931 pid=30944
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="chmod" exe="/bin/chmod" subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1163798430.918:226): avc:  denied  { append } for  pid=30931
comm="hal-system-powe" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798430.918:226): arch=40000003 syscall=5 success=yes
exit=3 a0=8e47f98 a1=8441 a2=1b6 a3=8441 items=0 ppid=3325 pid=30931
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="hal-system-powe" exe="/bin/bash"
subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1163798431.987:227): avc:  denied  { append } for  pid=30947
comm="bash" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798431.987:227): arch=40000003 syscall=4 success=yes
exit=23 a0=2 a1=b7f52000 a2=17 a3=17 items=0 ppid=30931 pid=30947
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC_PATH msg=audit(1163798431.987:227): 
path="/var/lib/hal/system-power-suspend-output"
type=AVC msg=audit(1163798434.123:228): avc:  denied  { getattr } for  pid=31030
comm="awk" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798434.123:228): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bfcf30d4 a2=456e6ff4 a3=bfcf30d4 items=0 ppid=31028
pid=31030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="awk" exe="/bin/gawk" subj=system_u:system_r:hald_t:s0
key=(null)
type=AVC_PATH msg=audit(1163798434.123:228): 
path="/var/lib/hal/system-power-suspend-output"
type=USYS_CONFIG msg=audit(1163798437.999:229): user pid=31230 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing system time:
exe="/sbin/hwclock" (hostname=?, addr=?, terminal=? res=success)'
type=USYS_CONFIG msg=audit(1163798447.998:230): user pid=31286 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing system time:
exe="/sbin/hwclock" (hostname=?, addr=?, terminal=? res=success)'
type=AVC msg=audit(1163798448.239:231): avc:  denied  { append } for  pid=30947
comm="bash" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798448.239:231): arch=40000003 syscall=4 success=yes
exit=23 a0=2 a1=b7f52000 a2=17 a3=17 items=0 ppid=30931 pid=30947
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="bash" exe="/bin/bash" subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC_PATH msg=audit(1163798448.239:231): 
path="/var/lib/hal/system-power-suspend-output"
type=AVC msg=audit(1163798448.261:232): avc:  denied  { getattr } for  pid=31370
comm="awk" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798448.261:232): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bfd3b854 a2=456e6ff4 a3=bfd3b854 items=0 ppid=31368
pid=31370 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) comm="awk" exe="/bin/gawk" subj=system_u:system_r:hald_t:s0
key=(null)
type=AVC_PATH msg=audit(1163798448.261:232): 
path="/var/lib/hal/system-power-suspend-output"
type=AVC msg=audit(1163798454.674:233): avc:  denied  { write } for  pid=31448
comm="rm" name="hal" dev=dm-0 ino=2060499 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1163798454.674:233): avc:  denied  { remove_name } for 
pid=31448 comm="rm" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
type=AVC msg=audit(1163798454.674:233): avc:  denied  { unlink } for  pid=31448
comm="rm" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
type=SYSCALL msg=audit(1163798454.674:233): arch=40000003 syscall=10 success=yes
exit=0 a0=bfc5068f a1=0 a2=805277c a3=bfc4f8b4 items=0 ppid=31447 pid=31448
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="rm" exe="/bin/rm" subj=system_u:system_r:hald_t:s0 key=(null)
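
An added example, not part of the original report or of any SELinux tooling: a small Python triage script that re-joins the hard-wrapped audit records pasted above and groups the AVC denials by source type, target type and object class. SAMPLE is an excerpt of the log in this report; the names unwrap and summarize are illustrative.

```python
import re
from collections import defaultdict

# Excerpt of the audit log from this report, still wrapped as it was pasted.
SAMPLE = '''type=AVC msg=audit(1163798430.914:222): avc:  denied  { write } for  pid=30943
comm="touch" name="hal" dev=dm-0 ino=2060499
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
type=AVC msg=audit(1163798430.914:222): avc:  denied  { add_name } for
pid=30943 comm="touch" name="system-power-suspend-output"
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=dir
type=AVC msg=audit(1163798430.918:226): avc:  denied  { append } for  pid=30931
comm="hal-system-powe" name="system-power-suspend-output" dev=dm-0 ino=2060431
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_t:s0
tclass=file
'''

AVC_RE = re.compile(
    r'^type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}.*?\bcomm="(?P<comm>[^"]*)".*?'
    r'\bscontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)')

def unwrap(text):
    """Re-join audit records that were hard-wrapped across several lines."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("type=") or not records:
            records.append(line)      # a new record starts here
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records


def summarize(text):
    """Group denials as (source type, target type, class) -> details."""
    out = defaultdict(lambda: {"perms": set(), "comms": set(), "events": set()})
    for rec in unwrap(text):
        m = AVC_RE.match(rec)
        if not m:
            continue  # SYSCALL, AVC_PATH and USYS_CONFIG records are skipped
        # A context is user:role:type:level; the type field drives the decision.
        key = (m["scon"].split(":")[2], m["tcon"].split(":")[2], m["tclass"])
        out[key]["perms"].update(m["perms"].split())
        out[key]["comms"].add(m["comm"])
        out[key]["events"].add(int(m["serial"]))
    return dict(out)
```

On this excerpt the summary has two keys, hald_t acting on a var_lib_t directory (write, add_name) and on a var_lib_t file (append), which matches the /var/lib/hal path shown in the AVC_PATH records.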

Comment 2 Daniel Walsh 2006-11-20 18:28:53 UTC
Already fixed in selinux-policy-2.4.5-1

Comment 3 James Laska 2006-12-05 15:03:28 UTC
No problems suspending laptop when testing with selinux-policy-2.4.6-3.el5

Comment 4 Jay Turner 2006-12-19 13:59:17 UTC
selinux-policy-2.4.6-15.el5 included in 20061218.1 trees.

