Description of problem: NetworkManager ceased to work quite recently for me, and after a lot of searching I tried to work my way through audit2allow and when applying three policies I have created with it, everything works. Version-Release number of selected component (if applicable): dbus-1.0.2-6.fc7 udev-113-12.fc7 NetworkManager-0.6.5-7.fc7 selinux-policy-2.6.4-45.fc7 selinux-policy-targeted-2.6.4-45.fc7 How reproducible: 100% Steps to Reproduce: 1.restart computer with chkconfig NetworkManager set on "on". 2.messagebus is down, therefore couple of daemons doesn'ŧ work (messages like these happen): Sep 29 17:15:52 viklef console-kit-daemon[2637]: WARNING: Couldn't connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: Connection refused 3.NetworkManager is not able to get IP address from the network Actual results: messagesbus is down, many daemons fail because of that, including NetworkManager Expected results: everything is OK, and I get free ice cream ;-)
Created attachment 212331 [details] /var/log/audit.log
Created attachment 212341 [details] /var/log/messages.1 with particular error messages about access denial to dbus socket
Created attachment 212351 [details] New NM Selinux module I think this is the module which made the trick
Created attachment 212361 [details] Another selinux module I created as well Just for the sake of completness I have created this module as well -- I have no clue whether it is needed or actually whether it is good idea.
Created attachment 212371 [details] and the last SELinux module I made this is the last module I made
First off, for some reason your /root directory is labeled default_t. restorecon -R -v /root should fix this. All of your default_t messages are caused by this. The hal messages are caused by a badly labeled pm-suspend.log. restorecon -R -v /var/log Should fix this. And an updated version of pm-utils should be coming to fix this forever. by placing the log file in /var/run/pm and /var/log/pm subdirectory dbus fixes will be in selinux-policy-2.6.4-46
I can fully confirm mislabeled /root (I have no idea, how that happened), but restorecon -v -R /var didn't say anything about relabeling of pm-suspend.log.
I think this has been fixed in subsequent updates of selinux-policy.