350711 – selinux denies /usr/lib/pm-utils/sleep.d/20video access to /var/run/vbemode

Bug 350711 - selinux denies /usr/lib/pm-utils/sleep.d/20video access to /var/run/vbemode

Summary: selinux denies /usr/lib/pm-utils/sleep.d/20video access to /var/run/vbemode

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-10-24 16:49 UTC by Jason Merrill
Modified:	2008-01-30 19:18 UTC (History)
CC List:	0 users
Fixed In Version:	Current
Clone Of:
Environment:
Last Closed:	2008-01-30 19:18:45 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
first selinux alert (2.96 KB, text/plain) 2007-10-24 16:49 UTC, Jason Merrill	no flags	Details
Second selinux alert (2.22 KB, text/plain) 2007-10-24 16:50 UTC, Jason Merrill	no flags	Details
View All

Description Jason Merrill 2007-10-24 16:49:49 UTC

Since I updated to selinux-policy-2.6.4-48.fc7, resuming my Thinkpad T43 from
suspend has produced a couple of violations in setroubleshoot.  This is probably
only hit on laptops that use the VBEMODE_RESTORE power management quirk.

Comment 1 Jason Merrill 2007-10-24 16:49:49 UTC

Created attachment 236381 [details]
first selinux alert

Comment 2 Jason Merrill 2007-10-24 16:50:30 UTC

Created attachment 236391 [details]
Second selinux alert

Comment 3 Daniel Walsh 2007-10-30 03:32:13 UTC

Looks like this a bug in policy or the app.  Not sure who is creating this file,
but it needs to be labeled hald_var_run_t.

chcon -t hald_var_run_t /var/run/vbemode 

will set the file context until the file is recreated.

I will add this context to the file system, you can test my fix by adding it
yourself.

semanage fcontext -a -t hald_var_run_t '/var/run/vbe.*'

Should add it,  See if this fixes the problem.

Comment 4 Daniel Walsh 2007-11-10 13:16:45 UTC

Fixed in selinux-policy-2.6.4-55.fc7

Comment 5 Daniel Walsh 2008-01-30 19:18:45 UTC

Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.