Description of problem:
hal 0.5.9 seems to need to be able to do more things than targeted policy 2.5.2-5.fc7 allowed for previous versions

Version-Release number of selected component (if applicable):
2.5.2-5.fc7

How reproducible:
Always

Steps to Reproduce:
1. try to start the haldaemon service

Additional info:
My audit log shows:
type=AVC msg=audit(1170866731.434:8): avc: denied { write } for pid=3137 comm="hald-generate-f" name="hald" dev=dm-0 ino=6809187 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1170866868.580:19): avc: denied { write } for pid=3513 comm="hald-generate-f" name="hald" dev=dm-0 ino=6809187 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir

This appears to be triggered by hald-generate-fdi-cache.
*** Bug 227713 has been marked as a duplicate of this bug. ***
Here's my audit message:
avc: denied { write } for comm="hald-generate-f" dev=dm-3 egid=0 euid=0 exe="/usr/libexec/hald-generate-fdi-cache" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="hald" pid=3570 scontext=user_u:system_r:hald_t:s0 sgid=0 subj=user_u:system_r:hald_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.5.2-7
(In reply to comment #3)
> Fixed in selinux-policy-2.5.2-7
>
I've selinux-policy-2.6.1-1.fc7.
My audit message:
avc: denied { write } for pid=2893 comm="hald-generate-f" name="hald" dev=dm-0 ino=32670049 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
(In reply to comment #4)
> (In reply to comment #3)
> > Fixed in selinux-policy-2.5.2-7
> >
>
> I've selinux-policy-2.6.1-1.fc7.
>
> My audit message:
> avc: denied { write } for pid=2893 comm="hald-generate-f" name="hald"
> dev=dm-0 ino=32670049 scontext=user_u:system_r:hald_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=dir
A "touch /.autorelabel && reboot" did it!
Should be fixed in the current release
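
The denials quoted in this thread come in two layouts (a raw `type=AVC` audit line and a bare `avc:` line with its fields in a different order) and with different SELinux users in `scontext`. The following is an added example, not part of the original thread or of any SELinux tool: it normalizes the three records copied from the comments above and groups them by source type, target type, class and permission. The function names `parse_avc`, `denial_key` and `summarize` are assumptions made for this illustration.

```python
import re
from collections import Counter

# AVC records copied from the comments above (both layouts seen in the thread).
RECORDS = [
    'type=AVC msg=audit(1170866731.434:8): avc: denied { write } for pid=3137 comm="hald-generate-f" name="hald" dev=dm-0 ino=6809187 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir',
    'avc: denied { write } for comm="hald-generate-f" dev=dm-3 egid=0 euid=0 exe="/usr/libexec/hald-generate-fdi-cache" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="hald" pid=3570 scontext=user_u:system_r:hald_t:s0 sgid=0 subj=user_u:system_r:hald_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:var_t:s0 tty=(none) uid=0',
    'avc: denied { write } for pid=2893 comm="hald-generate-f" name="hald" dev=dm-0 ino=32670049 scontext=user_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir',
]

PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')   # the { perm ... } set
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')           # key=value or key="value"

def parse_avc(line):
    """Return the fields that identify a denial, or None if the line is not an AVC denial."""
    m = PERMS.search(line)
    if m is None:
        return None
    # Only read key=value pairs after the permission set, so field order does not matter.
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    return {
        "perms": tuple(sorted(m.group(1).split())),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        # A context is user:role:type:level; policy decisions key on the type.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
    }

def denial_key(rec):
    """Identity of a denial, ignoring pid, inode, device and SELinux user."""
    return (rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"])

def summarize(lines):
    """Count distinct denials across a list of log lines."""
    parsed = [p for p in map(parse_avc, lines) if p]
    return Counter(denial_key(p) for p in parsed)

if __name__ == "__main__":
    for key, count in summarize(RECORDS).items():
        print(count, key)
```

All three reports collapse to one key: `hald_t` denied `write` on a `dir` labelled `var_t`.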