SELinux is preventing devkit-disks-he (devicekit_disk_t) "read" udev_tbl_t.

Additional Information:

Source Context                system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
Target Context                system_u:object_r:udev_tbl_t:s0
Target Objects                \x2fdevices\x2fpci0000:00\x2f0000:00:1f.2\x2fhost0\x2ftarget0:0:0\x2f0:0:0:0\x2fblock\x2fsda [ file ]
Source                        devkit-disks-he
Source Path                   /usr/libexec/devkit-disks-helper-ata-smart-collect
Source RPM Packages           DeviceKit-disks-004-0.6.20090408git.fc11
Policy RPM                    selinux-policy-3.6.12-2.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Alert Count                   10
First Seen                    Fri Apr 10 18:09:17 2009
Last Seen                     Sat Apr 11 14:00:16 2009

Raw Audit Messages

node=sandworm.fordon.pl.eu.org type=AVC msg=audit(1239451216.104:49161): avc: denied { read } for pid=9423 comm="devkit-disks-he" name="\x2fdevices\x2fpci0000:00\x2f0000:00:1f.2\x2fhost0\x2ftarget0:0:0\x2f0:0:0:0\x2fblock\x2fsda" dev=tmpfs ino=8096 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file

node=sandworm.fordon.pl.eu.org type=SYSCALL msg=audit(1239451216.104:49161): arch=c000003e syscall=2 success=yes exit=4 a0=7fff367c6a40 a1=0 a2=1b6 a3=238 items=0 ppid=4789 pid=9423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-he" exe="/usr/libexec/devkit-disks-helper-ata-smart-collect" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)
# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-3.fc11.noarch
Thanks Daniel. I know how to locally change my policy, but shouldn't a stock Fedora install not generate any denials?
Yes, that is why I have put a fix out for this. devicekit_disk_t is a permissive domain right now, so nothing is actually getting denied. If you want to stop the message you could install custom policy. Best to just grab the latest policy package.
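Added example (not part of the bug report or its comments): a small parser that pairs the AVC and SYSCALL records quoted in the report by their audit event serial, decodes the \x2f-escaped name, and shows that the logged denial was not enforced, since the open() call returned success=yes. That matches the statement above that devicekit_disk_t is a permissive domain. The function names are hypothetical, and SAMPLE is the two records copied from the report.

```python
import re

# The two raw audit records from the report above (same event serial, 49161).
SAMPLE = r'''node=sandworm.fordon.pl.eu.org type=AVC msg=audit(1239451216.104:49161): avc: denied { read } for pid=9423 comm="devkit-disks-he" name="\x2fdevices\x2fpci0000:00\x2f0000:00:1f.2\x2fhost0\x2ftarget0:0:0\x2f0:0:0:0\x2fblock\x2fsda" dev=tmpfs ino=8096 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:udev_tbl_t:s0 tclass=file
node=sandworm.fordon.pl.eu.org type=SYSCALL msg=audit(1239451216.104:49161): arch=c000003e syscall=2 success=yes exit=4 a0=7fff367c6a40 a1=0 a2=1b6 a3=238 items=0 ppid=4789 pid=9423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-he" exe="/usr/libexec/devkit-disks-helper-ata-smart-collect" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)'''

EVENT_RE = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
HEX_ESC = re.compile(r'\\x([0-9a-fA-F]{2})')

def decode_name(value):
    """Undo the backslash-xNN escaping seen in the name= field."""
    return HEX_ESC.sub(lambda m: chr(int(m.group(1), 16)), value)

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, serial = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
        if rtype == 'AVC':
            p = PERMS_RE.search(line)
            fields['result'], fields['perms'] = p.group(1), p.group(2).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one event to the facts needed to triage the denial."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    return {
        'source_type': avc['scontext'].split(':')[2],
        'target_type': avc['tcontext'].split(':')[2],
        'tclass': avc['tclass'],
        'perms': avc['perms'],
        'path': decode_name(avc['name']),
        # A denial logged while the syscall still succeeded was not enforced.
        'enforced': not (avc['result'] == 'denied' and sc.get('success') == 'yes'),
    }

if __name__ == '__main__':
    for serial, event in parse_events(SAMPLE).items():
        print(serial, summarize(event))
```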