Bug 350711 - selinux denies /usr/lib/pm-utils/sleep.d/20video access to /var/run/vbemode
selinux denies /usr/lib/pm-utils/sleep.d/20video access to /var/run/vbemode
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-10-24 12:49 EDT by Jason Merrill
Modified: 2008-01-30 14:18 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-30 14:18:45 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
first selinux alert (2.96 KB, text/plain)
2007-10-24 12:49 EDT, Jason Merrill
no flags Details
Second selinux alert (2.22 KB, text/plain)
2007-10-24 12:50 EDT, Jason Merrill
no flags Details

  None (edit)
Description Jason Merrill 2007-10-24 12:49:49 EDT
Since I updated to selinux-policy-2.6.4-48.fc7, resuming my Thinkpad T43 from
suspend has produced a couple of violations in setroubleshoot.  This is probably
only hit on laptops that use the VBEMODE_RESTORE power management quirk.
Comment 1 Jason Merrill 2007-10-24 12:49:49 EDT
Created attachment 236381 [details]
first selinux alert
Comment 2 Jason Merrill 2007-10-24 12:50:30 EDT
Created attachment 236391 [details]
Second selinux alert
Comment 3 Daniel Walsh 2007-10-29 23:32:13 EDT
Looks like this a bug in policy or the app.  Not sure who is creating this file,
but it needs to be labeled hald_var_run_t.

chcon -t hald_var_run_t /var/run/vbemode 

will set the file context until the file is recreated.

I will add this context to the file system, you can test my fix by adding it

semanage fcontext -a -t hald_var_run_t '/var/run/vbe.*'

Should add it,  See if this fixes the problem.
Comment 4 Daniel Walsh 2007-11-10 08:16:45 EST
Fixed in selinux-policy-2.6.4-55.fc7
Comment 5 Daniel Walsh 2008-01-30 14:18:45 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.