Description of problem: AVC denial for HAL callout to dellWirelessCtl. This will prevent HAL from enabling the wireless radio on Dell laptops. type=AVC msg=audit(1190300167.303:34): avc: denied { read } for pid=3510 comm="dellWirelessCtl" name="mem" dev=tmpfs ino=2233 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file Version-Release number of selected component (if applicable): How reproducible: This was reported to me by somebody else... will need to get the reproduce steps and post them separately. It probably is called when networkmanager tries to enable the wireless radio. Talked on IRC, and dellWirelessCtl needs to have a policy that allows it access to /dev/mem as well as a few files under /sys/.
Sorry, truncated the last paragraph when I was transcribing... Talked to walters on IRC and he suggested opening a bug.
Looking at the HAL policy, we already grant it read-write access to raw disk devices. It seems of limited utility to define separate domains for callout programs which need further specific privileges like raw memory access (sonypic and mac), and now dellWirelessCtl. So my basic suggestion would be to merge all three into a highly privileged hal_callout_t domain.
Actually I would like to try to go the other way, and figure out which hal exes require r/w raw disk, and only give the privs to that exe. Anyways. Fixed in selinux-policy-3.0.8-6.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.