Bug 735828 - devicekit avcs after resume
Summary: devicekit avcs after resume
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 16
Hardware: i686
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-05 15:58 UTC by Klaus Lichtenwalder
Modified: 2011-09-12 13:42 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-12 12:44:35 UTC


Attachments (Terms of Use)
raw avc messages (5.35 KB, text/plain)
2011-09-05 15:58 UTC, Klaus Lichtenwalder
no flags Details

Description Klaus Lichtenwalder 2011-09-05 15:58:33 UTC
Created attachment 521514 [details]
raw avc messages

Description of problem:
After resuming, I get the following denials

#============= devicekit_power_t ==============
allow devicekit_power_t xserver_port_t:tcp_socket name_connect;
allow devicekit_power_t xserver_t:unix_stream_socket connectto;

#============= insmod_t ==============
allow insmod_t devicekit_var_run_t:file read;


Version-Release number of selected component (if applicable):

selinux-policy-targeted-3.10.0-21.fc16.noarch
selinux-policy-3.10.0-21.fc16.noarch

Comment 1 Daniel Walsh 2011-09-06 15:45:42 UTC
Fixed in selinux-policy-3.10.0-25.fc16

THe insmod_t one is a leaked file descriptor from upowerd.

Comment 2 Miroslav Grepl 2011-09-08 11:56:05 UTC
yum update selinux-policy --enablerepo=updates-testing

Comment 3 Klaus Lichtenwalder 2011-09-09 13:26:57 UTC
Works for me, thanks!

Comment 4 Miroslav Grepl 2011-09-12 12:44:35 UTC
Could you update karma. Thank you.

Comment 5 Klaus Lichtenwalder 2011-09-12 13:42:37 UTC
Sorry, forgot URL and hoped you would post it, but found it again ;-)


Note You need to log in before you can comment on or make changes to this bug.