Summary: SELinux is preventing /usr/libexec/hald-addon-storage "read" access to device sdb. Detailed Description: SELinux has denied hald-addon-stor "read" access to device sdb. sdb is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v 'sdb'. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a bg report. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for sdb, you can use chcon -t SIMILAR_TYPE 'sdb', If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE 'sdb' If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a bug report against this application. Allowing Access: Attempt restorecon -v 'sdb' or chcon -t SIMILAR_TYPE 'sdb' Additional Information: Source Context system_u:system_r:hald_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects sdb [ blk_file ] Source hald-addon-stor Source Path /usr/libexec/hald-addon-storage Port <Unknown> Host (removed) Source RPM Packages hal-0.5.13-9.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-108.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name device Host Name (removed) Platform Linux (removed) 2.6.32.11-99.fc12.i686 #1 SMP Mon Apr 5 16:32:08 EDT 2010 i686 i686 Alert Count 4 First Seen Wed 21 Apr 2010 12:40:57 PM IST Last Seen Wed 21 Apr 2010 12:40:59 PM IST Local ID 95149d6e-b227-47d7-9d31-eff30e937360 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1271833859.2:864): avc: denied { read } for pid=9782 comm="hald-addon-stor" name="sdb" dev=devtmpfs ino=162658 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file node=(removed) type=SYSCALL msg=audit(1271833859.2:864): arch=40000003 syscall=5 success=no exit=-13 a0=916241e a1=8000 a2=0 a3=9168480 items=0 ppid=1395 pid=9782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hald-addon-stor" exe="/usr/libexec/hald-addon-storage" subj=system_u:system_r:hald_t:s0 key=(null) Hash String generated from device,hald-addon-stor,hald_t,device_t,blk_file,read audit2allow suggests: #============= hald_t ============== allow hald_t device_t:blk_file read;
kingbiotech What is the label on sdb? ls -lZ /dev/sdb This looks like it is fixed in setroubleshoot-2.2.112-1.fc12 If not earlier.