Bug 442823 - SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).
SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t).
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-04-16 21:36 EDT by Flóki Pálsson
Modified: 2008-04-17 18:42 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-17 08:25:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
SElinux AVC and ll of files as root and user (6.42 KB, text/plain)
2008-04-16 21:36 EDT, Flóki Pálsson
no flags Details
audit.log (133.14 KB, text/plain)
2008-04-16 21:38 EDT, Flóki Pálsson
no flags Details

  None (edit)
Description Flóki Pálsson 2008-04-16 21:36:13 EDT
Description of problem:
User can not access files on another disk /dev/sda. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
reboot login as user ( floki ) and tray to access with Nautilus on separate disk
( /tonlist )
If I log user out  ( floki ) and then log in as root and then log root out and
user in again then user can access the files on separate disk 
Actual results:
When as user then SElinux forbids access.
SELinux is preventing polkit-resolve- (hald_t) "getattr" to <Unknown> (hald_t). 

In permessive mode it is possible to access files on separate disk 

Expected results:
In FC8 then there is no problem to access /tonlist.
FC8 is on third disk. 

Additional info:
Comment 1 Flóki Pálsson 2008-04-16 21:36:14 EDT
Created attachment 302687 [details]
SElinux AVC and ll of files as root and user
Comment 2 Flóki Pálsson 2008-04-16 21:38:42 EDT
Created attachment 302688 [details]

The audit log
Comment 3 Daniel Walsh 2008-04-17 08:25:17 EDT
You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.3.1-35.fc9.noarch
Comment 4 Flóki Pálsson 2008-04-17 18:42:26 EDT
The probem is not solved.
There are no SELinux warnings.

I can access the files on other disk in permessive mode. 
When I  change to Enforcing mode again I to can access the files on other disk.

After rebooting the files are not accessable.

selinux-policy-3.3.1-35.fc9.noarch  is installed.

I have rebooted useding  "Relabel on next reboot"  

Note You need to log in before you can comment on or make changes to this bug.