Let me guess? You're not logged in via gdm? Cuz if that's the case then please
close this as a dup of bug 228110 or one if it's dependents. Thanks.

I am logged in via GDM

 - what are the versions of hal, gdm, ConsoleKit? Latest Rawhide?
 - from your session what is the value of $XDG_SESSION_COOKIE ?
 - is there a process of name 'console-kit-daemon' running?
 - as root, please paste the output of 'cat /var/lib/hal/acl-list'

Thanks.

This is the latest Development as of 20th of February 2007.

hal-0.5.9-0.git20070218.fc7
gdm-2.17.6-4.fc7
ConsoleKit-0.1.0-5.fc7

XDG_SESSION_COOKIE doesn't exist.

console-kit-daemon is running.

/var/lib/hal/acl-list is empty.

Interesting - this suggests either ConsoleKit or gdm is buggy. You're logging in
on a local console right?

Absolutely my good man

Is this a one-time thing that happened or can you reproduce it?

Also, are you running in SELinux enforcing mode? If so, please try permissive
and note that the fix for bug 229159 still haven't hit rawhide...

SELinux is in enforcing mode, entirely as is the Fedora default. The issue
persists betweeen reboots.

Sigh. As if I didn't know that enforcing mode is the Fedora default. Please
realize that the way SELinux currently works such issues like AVC denials will
crop up as long as the policy and source are kept in two different packages. For
more rants about this see bug 229159 (which was filed before the new hal package
was available in Rawhide). The good thing is that this might get resolved. 

Anyway, since I can't read your mind nor log into your box (and I wouldn't want
to do neither :-)), it would be useful if you actually answered the question in
comment 8. Does it work in permissive mode? Would also be bloody useful if you
mentioned whether there was AVC denials. Thanks.

David, please relax, I am working as fast as I can, you asked if I was running
SELinux and I told you I was running the default setup in that respect. 

It works when in permissive mode but under enforcing mode I saw no avc denials
which strikes me as odd. Could there be something preventing SELinux from
logging the denials?

Odd, they turn up now.. ah well I hope these are helpful.

type=AVC msg=audit(1172086964.904:16): avc:  denied  { setattr } for  pid=2843
comm="setfacl" name="adsp" dev=tmpfs ino=6237
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
type=AVC msg=audit(1172086964.904:16): avc:  denied  { fowner } for  pid=2843
comm="setfacl" capability=3 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=capability
type=AVC msg=audit(1172086964.906:17): avc:  denied  { setattr } for  pid=2843
comm="setfacl" name="scd0" dev=tmpfs ino=6447
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file

Is $XDG_SESSION_COOKIE set in permissive mode? Because if that one is not set it
means that gdm failed to register your session with ConsoleKit and then HAL will
deny any Mount() method attempt because it thinks you're not in an active session.

(The assignment of ACL's only happens when your session starts and is as such
unrelated to this bug as HAL allows you to mount non-withstanding you've got
access to the device file...)

Are there other AVC's in permissive mode from gdm or ConsoleKit?

the cookie is present in permissive mode. 

As for denials I get this one:
type=USER_AVC msg=audit(1172086964.846:14): user pid=2223 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager
member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=2815
tpid=2434 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon"
(sauid=81, hostname=?, addr=?, terminal=?)'

GDM is unbale to set cookie even if consolekit is running.

This was fixed a while back, let's close this mother up