Summary: SELinux is preventing gcm-apply "read" access on 001. Detailed Description: SELinux denied access requested by gcm-apply. It is not expected that this access is required by gcm-apply and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context staff_u:staff_r:staff_t:s0 Target Context system_u:object_r:usb_device_t:s0 Target Objects 001 [ chr_file ] Source gcm-apply Source Path /usr/bin/gcm-apply Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.7.15-4.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux BubbleNet.BubbleWork 2.6.33.1-24.fc13.x86_64 #1 SMP Tue Mar 30 18:21:22 UTC 2010 x86_64 x86_64 Alert Count 238 First Seen Wed 21 Apr 2010 11:01:21 AM EDT Last Seen Wed 21 Apr 2010 11:22:14 AM EDT Local ID dc7aee13-dfff-4221-9798-3c29ea2cce6f Line Numbers Raw Audit Messages node=BubbleNet.BubbleWork type=AVC msg=audit(1271863334.903:129): avc: denied { read } for pid=2015 comm="gcm-apply" name="001" dev=devtmpfs ino=5741 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file Hash String generated from catchall,gcm-apply,staff_t,usb_device_t,chr_file,read audit2allow suggests: #============= staff_t ============== allow staff_t usb_device_t:chr_file read;
display composition fail to start when it's enabled.
Fixed in selinux-policy-3.7.19-1.fc13.noarch
rpm -q selinux-policy selinux-policy-3.7.19-2.fc13.noarch Still having this issue.
What does this output # sesearch -A -s staff_t -t usb_device_t Found 1 semantic av rules: allow staff_usertype usb_device_t : chr_file { ioctl read write getattr lock append open } ;
(In reply to comment #4) > What does this output > > # sesearch -A -s staff_t -t usb_device_t > Found 1 semantic av rules: > allow staff_usertype usb_device_t : chr_file { ioctl read write getattr lock > append open } ; ^ this [carl@BubbleWork ~]$ compiz --replace --debug compiz (core) - Debug: Could not stat() file /home/carl/.compiz/plugins/libcore.so : No such file or directory compiz (core) - Debug: Could not stat() file /usr/lib64/compiz/libcore.so : No such file or directory compiz (core) - Fatal: GLX_EXT_texture_from_pixmap is missing compiz (core) - Error: Failed to manage screen: 0 compiz (core) - Fatal: No manageable screens found on display :0.0 I don't know why it's not working then, like i stated in the email i send to you, seapplet doesn't report any AVCs and i can't see anything relevant in audit.log && messages. I just noticed that i can't start compiz when setenforce is set to 1.
Okay, nvm about the compiz --debug.