Created attachment 317277 [details] AVC messages Description of problem: When the shutdown menu is selected in KDE an AVC message and SElinux denial is logged for KDM (attached) Version-Release number of selected component (if applicable): kdebase-workspace-4.1.0-8.fc9.i386 How reproducible: Every time shutdown menu is opened Steps to Reproduce: 1. Run setroubleshoot or tail -f /var/log/audit/audit.log 2. Open shutdown menu (Any of the options on "Leave" works) 3. Watch AVC message appear in log Actual results: SElinux denies access and an AVC message is logged Expected results: No AVC message and access is allowed - or equally, kdm stops trying to access /boot Additional info: I don't think this impacts usability in any way so I class it more of an annoyance
Did you modify /etc/kde/kdm/kdmrc at all? I see AVC messages too, but only when/if I modify the Bootloader options (and the selinux folks vetoed my request to allow that).
Yeah, I set BootManager=Grub , that seems to be the problem. If the selinux side can't be fixed, can we just patch that feature out or somthing, as I'm assuming that whatever feature that enables won't work as it is?
The feature is disabled by default for a reason. If you want it to work, you can either disable SELinux (I'd recommend doing that anyway, but I'm known all around here as the "SELinux hater" ;-) ) or add a custom policy to allow this (see audit2allow, and Dan Walsh's blog where several ways to customize SELinux are described, I can't help you much with it as I don't use it).
Closing as WONTFIX, as we KDE folks can't fix it and the SELinux folks don't want to allow this in the default policy.
Ok, thanks for helping (audit2allow was my first port of call as it happens, I just wanted to be sure it wasn't something generally fixable)
*** Bug 504125 has been marked as a duplicate of this bug. ***