Summary: SELinux is preventing /sbin/iwconfig access to a leaked /dev/input/event0 file descriptor. Detailed Description: [iwconfig has a permissive type (ifconfig_t). This access was not denied.] SELinux denied access requested by the iwconfig command. It looks like this is either a leaked descriptor or iwconfig output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the /dev/input/event0. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Additional Information: Source Context system_u:system_r:ifconfig_t:s0 Target Context system_u:object_r:event_device_t:s0 Target Objects /dev/input/event0 [ chr_file ] Source iwconfig Source Path /sbin/iwconfig Port <Unknown> Host (removed) Source RPM Packages wireless-tools-29-5.1.fc12 Target RPM Packages Policy RPM selinux-policy-3.9.7-7.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name leaks Host Name (removed) Platform Linux (removed) 2.6.35.6-48.fc14.x86_64 #1 SMP Fri Oct 22 15:36:08 UTC 2010 x86_64 x86_64 Alert Count 6 First Seen Sun 31 Oct 2010 04:14:39 PM CET Last Seen Sun 31 Oct 2010 04:14:39 PM CET Local ID 65de5eea-a73d-45ab-b998-ade1e58919e5 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event0" dev=devtmpfs ino=5750 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event1" dev=devtmpfs ino=5751 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event2" dev=devtmpfs ino=5752 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event3" dev=devtmpfs ino=5753 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event4" dev=devtmpfs ino=5770 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=AVC msg=audit(1288538079.995:26320): avc: denied { read } for pid=2631 comm="iwconfig" path="/dev/input/event6" dev=devtmpfs ino=6095 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:event_device_t:s0 tclass=chr_file node=(removed) type=SYSCALL msg=audit(1288538079.995:26320): arch=c000003e syscall=59 success=yes exit=0 a0=7fffb8b73f18 a1=1eae630 a2=1e9d1f0 a3=3a3c884600 items=0 ppid=2620 pid=2631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iwconfig" exe="/sbin/iwconfig" subj=system_u:system_r:ifconfig_t:s0 key=(null) Hash String generated from leaks,iwconfig,ifconfig_t,event_device_t,chr_file,read audit2allow suggests: #============= ifconfig_t ============== allow ifconfig_t event_device_t:chr_file read;
Executing the following command in an script upon an acpi events triggers the above SELinux message: iwconfig wlan0 power on The scipt is executed by acpid under the root account.
Looks like acpid is leaking. If should call fcntl(fd, F_SETFD, FD_CLOEXEC). erazortt you can execute # grep event_device_t /var/log/audit/audit.log | audit2allow -D -M myacpid # semodule -i myacpid.pp
Ok this solved the problem. Thanks.
acpid-2.0.5-4.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/acpid-2.0.5-4.fc14
acpid-2.0.5-4.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update acpid'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/acpid-2.0.5-4.fc14
acpid-2.0.5-4.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.