I've plugged in an iSight, but /dev/fwX do not seem to get proper labels: [wwoods@brinstar ~]$ ls -alZ /dev/fw* crw------- root root system_u:object_r:device_t /dev/fw0 crw------- root root system_u:object_r:device_t /dev/fw1 This prevents hal from being able to run /usr/bin/setfacl on them: avc: denied { getattr } for comm="setfacl" dev=tmpfs egid=0 euid=0 exe="/usr/bin/setfacl" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="fw1" path="/dev/fw1" pid=4510 scontext=system_u:system_r:hald_acl_t:s0 sgid=0 subj=system_u:system_r:hald_acl_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 Which may prevent me from using it properly.
What version of policy? On my machine matchpathcon /dev/fw0 /dev/fw0 system_u:object_r:usb_device_t selinux-policy-2.6.4-4.fc7
actually, hmm. I've now got selinux-policy-targeted-2.6.4-6.fc7, and that gives similar matchpathcon results. But I currently don't have physical access to the machine, so I can't tell if this is a problem right now. I'll test again Monday.
Seems fixed now that I'm definitely using the right policy.