Description of problem: When inserting a CD I get the following error message: Error: org.freedesktop.Hal.PermissionDenied Permission denied: Not active in session Version-Release number of selected component (if applicable): hal-0.5.9-0.git20070218.fc7 How reproducible: 100% Steps to Reproduce: 1. insert cd
Let me guess? You're not logged in via gdm? Cuz if that's the case then please close this as a dup of bug 228110 or one if it's dependents. Thanks.
I am logged in via GDM
- what are the versions of hal, gdm, ConsoleKit? Latest Rawhide? - from your session what is the value of $XDG_SESSION_COOKIE ? - is there a process of name 'console-kit-daemon' running? - as root, please paste the output of 'cat /var/lib/hal/acl-list' Thanks.
This is the latest Development as of 20th of February 2007. hal-0.5.9-0.git20070218.fc7 gdm-2.17.6-4.fc7 ConsoleKit-0.1.0-5.fc7 XDG_SESSION_COOKIE doesn't exist. console-kit-daemon is running. /var/lib/hal/acl-list is empty.
Interesting - this suggests either ConsoleKit or gdm is buggy. You're logging in on a local console right?
Absolutely my good man
Is this a one-time thing that happened or can you reproduce it?
Also, are you running in SELinux enforcing mode? If so, please try permissive and note that the fix for bug 229159 still haven't hit rawhide...
SELinux is in enforcing mode, entirely as is the Fedora default. The issue persists betweeen reboots.
Sigh. As if I didn't know that enforcing mode is the Fedora default. Please realize that the way SELinux currently works such issues like AVC denials will crop up as long as the policy and source are kept in two different packages. For more rants about this see bug 229159 (which was filed before the new hal package was available in Rawhide). The good thing is that this might get resolved. Anyway, since I can't read your mind nor log into your box (and I wouldn't want to do neither :-)), it would be useful if you actually answered the question in comment 8. Does it work in permissive mode? Would also be bloody useful if you mentioned whether there was AVC denials. Thanks.
David, please relax, I am working as fast as I can, you asked if I was running SELinux and I told you I was running the default setup in that respect. It works when in permissive mode but under enforcing mode I saw no avc denials which strikes me as odd. Could there be something preventing SELinux from logging the denials?
Odd, they turn up now.. ah well I hope these are helpful. type=AVC msg=audit(1172086964.904:16): avc: denied { setattr } for pid=2843 comm="setfacl" name="adsp" dev=tmpfs ino=6237 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file type=AVC msg=audit(1172086964.904:16): avc: denied { fowner } for pid=2843 comm="setfacl" capability=3 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=capability type=AVC msg=audit(1172086964.906:17): avc: denied { setattr } for pid=2843 comm="setfacl" name="scd0" dev=tmpfs ino=6447 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=blk_file
Is $XDG_SESSION_COOKIE set in permissive mode? Because if that one is not set it means that gdm failed to register your session with ConsoleKit and then HAL will deny any Mount() method attempt because it thinks you're not in an active session. (The assignment of ACL's only happens when your session starts and is as such unrelated to this bug as HAL allows you to mount non-withstanding you've got access to the device file...) Are there other AVC's in permissive mode from gdm or ConsoleKit?
the cookie is present in permissive mode. As for denials I get this one: type=USER_AVC msg=audit(1172086964.846:14): user pid=2223 uid=81 auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.ConsoleKit.Manager member=OpenSessionWithParameters dest=org.freedesktop.ConsoleKit spid=2815 tpid=2434 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
GDM is unbale to set cookie even if consolekit is running.
This was fixed a while back, let's close this mother up