I get the following errors on my notebook with targeted policy enabled:
    Apr 1 23:47:53 kodaly kernel: audit(1175464073.509:149): avc: denied { connectto } for pid=4294 comm="hald-addon-acpi" name="acpid.socket" scontext=user_u:system_r:hald_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
I used restorecon to reset the labeling of the files in /var, but the problem is still present. The message appears about every 5 seconds.
apmd must not be running in the right context on this machine. On my machine I have the following:
    # ps -eZ | grep apmd
    system_u:system_r:apmd_t 2480 ? 00:00:00 acpid
    ls -lZ /var/run/acpid.socket
    srw-rw-rw- root root system_u:object_r:apmd_var_run_t /var/run/acpid.socket
    # ls -lZ /usr/sbin/acpid
    -rwxr-x--- root root system_u:object_r:apmd_exec_t /usr/sbin/acpid
It's acpid, not apmd. Here is what I got:
    $ps -eZ | grep acpid
    system_u:system_r:kernel_t 62 ? 00:00:02 kacpid
    user_u:system_r:initrc_t 7166 ? 00:00:00 acpid
    $ls -lZ /var/run/acpid.socket
    srw-rw-rw- root root user_u:object_r:var_run_t /var/run/acpid.socket=
    $ls -lZ /usr/sbin/acpid
    -rwxr-x--- root root system_u:object_r:apmd_exec_t /usr/sbin/acpid*
Also, starting acpid using /etc/init.d/acpid always sets the type of acpid.socket to var_run_t, even if I previously restored it to apmd_var_run_t.
    getsebool -a | grep apm
Did you disable transition on acpid?
Yes it was disabled. I enabled it again, and now everything seems to be as it should. I don't know how it got changed at all.
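Added example, not part of the original thread: a small Python triage script that applies the diagnosis reached above. It parses the AVC denial, and when a unix_stream_socket connectto is denied against an initrc_t target it lists the processes in ps -eZ output that are still in initrc_t, meaning a daemon never transitioned to its own domain. The function names are hypothetical; the sample input is copied from the posts above.

```python
import re

# Sample input copied from the thread above.
AVC = ('audit(1175464073.509:149): avc: denied { connectto } for pid=4294 '
       'comm="hald-addon-acpi" name="acpid.socket" '
       'scontext=user_u:system_r:hald_t:s0 '
       'tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket')
PS_Z = """system_u:system_r:kernel_t 62 ? 00:00:02 kacpid
user_u:system_r:initrc_t 7166 ? 00:00:00 acpid"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')

def parse_avc(line):
    """Split an AVC denial into its permissions and key=value fields."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")):
        rec[key] = val.strip('"')
    return rec

def se_type(context):
    """Return the type field of user:role:type[:level], or None if malformed."""
    fields = context.split(":")
    return fields[2] if len(fields) >= 3 else None

def untransitioned(ps_output, generic=("initrc_t",)):
    """List (command, pid) for processes still in the init script domain."""
    hits = []
    for line in ps_output.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[1].isdigit() and se_type(parts[0]) in generic:
            hits.append((parts[-1], int(parts[1])))
    return hits

def diagnose(avc_line, ps_output):
    """Flag denials whose socket peer runs in initrc_t and name the suspects."""
    rec = parse_avc(avc_line)
    if rec is None:
        return None
    target = se_type(rec["tcontext"])
    # For connectto on a unix_stream_socket, tcontext is the listening process.
    peer_bad = rec["tclass"] == "unix_stream_socket" and target == "initrc_t"
    return {"source_type": se_type(rec["scontext"]), "target_type": target,
            "socket": rec.get("name"), "peer_untransitioned": peer_bad,
            "suspects": untransitioned(ps_output) if peer_bad else []}

if __name__ == "__main__":
    print(diagnose(AVC, PS_Z))
```

A non-empty suspects list points at the daemon whose domain transition should be checked, as was done here with getsebool.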