Bug 442130 - SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).
Summary: SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).
Status: CLOSED DUPLICATE of bug 442074
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: F9Blocker
TreeView+ depends on / blocked
 
Reported: 2008-04-11 22:25 UTC by petrosyan
Modified: 2008-04-12 03:12 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2008-04-12 03:12:25 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description petrosyan 2008-04-11 22:25:27 UTC 
Summary:

SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).

Detailed Description:

SELinux denied access requested by polkit-resolve-. It is not expected that this
access is required by polkit-resolve- and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:hald_t:s0
Target Context                system_u:system_r:hald_t:s0
Target Objects                None [ process ]
Source                        polkit-resolve-
Source Path                   /usr/libexec/polkit-resolve-exe-helper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           PolicyKit-0.8-0.git20080404.3.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-33.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.218.rc8.git7.fc9.x86_64 #1 SMP Wed Apr 9
                              19:55:19 EDT 2008 x86_64 x86_64
Alert Count                   2
First Seen                    Fri 11 Apr 2008 06:07:20 PM EDT
Last Seen                     Fri 11 Apr 2008 06:08:54 PM EDT
Local ID                      79da3f26-34b7-4c97-850d-2bad02293d38
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207951734.605:32): avc:  denied 
{ getattr } for  pid=4134 comm="polkit-resolve-"
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=process

host=localhost.localdomain type=SYSCALL msg=audit(1207951734.605:32):
arch=c000003e syscall=0 success=no exit=-13 a0=4 a1=16c82a0 a2=fff a3=0 items=0
ppid=2138 pid=4134 auid=4294967295 uid=0 gid=68 euid=0 suid=0 fsuid=0 egid=68
sgid=68 fsgid=68 tty=(none) ses=4294967295 comm="polkit-resolve-"
exe="/usr/libexec/polkit-resolve-exe-helper" subj=system_u:system_r:hald_t:s0
key=(null)
Comment 1 David Zeuthen 2008-04-11 22:39:06 UTC 
Please file SELinux bugs against SELinux; dwalsh is the only one who can fix this.
Comment 2 petrosyan 2008-04-12 03:12:25 UTC 

*** This bug has been marked as a duplicate of 442074 ***
Note You need to log in before you can comment on or make changes to this bug.