Description of problem: When plugging a firewire camera on my system i get the following avc error in setroubleshoot Summary SELinux is preventing /usr/bin/setfacl (hald_acl_t) "getattr" access to device /dev/fw1. Detailed Description SELinux has denied the /usr/bin/setfacl (hald_acl_t) "getattr" access to device /dev/fw1. /dev/fw1 is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v /dev/fw1. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for /dev/fw1, you can use chcon -t SIMILAR_TYPE /dev/fw1, If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE /dev/fw1 If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application. Allowing Access Attempt restorecon -v /dev/fw1 or chcon -t SIMILAR_TYPE /dev/fw1 Additional Information Source Context system_u:system_r:hald_acl_t Target Context system_u:object_r:device_t Target Objects /dev/fw1 [ chr_file ] Affected RPM Packages acl-2.2.39-3.1.fc7 [application] Policy RPM selinux-policy-2.6.1-1.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.device Host Name ghost.home-net Platform Linux ghost.home-net 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26 10:36:44 EDT 2007 i686 i686 Alert Count 4 First Seen Σαβ 28 Απρ 2007 02:01:58 μμ EEST Last Seen Σαβ 28 Απρ 2007 02:06:38 μμ EEST Local ID 96c87c7e-a0bd-4cc2-a197-3f406e6b28b8 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="setfacl" cwd="/usr/libexec" dev=00:10 egid=0 euid=0 exe="/usr/bin/setfacl" exit=-13 fsgid=0 fsuid=0 gid=0 inode=60172 item=0 items=1 mode=020600 name="fw1" obj=system_u:object_r:device_t:s0 ogid=0 ouid=0 path="/dev/fw1" pid=5279 rdev=fb:01 scontext=system_u:system_r:hald_acl_t:s0 sgid=0 subj=system_u:system_r:hald_acl_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
selinux-policy-2.6.1-3.fc7
fixed in latest selinux policy selinux-policy-2.6.4-6.fc7