Hide Forgot
SELinux is preventing /usr/libexec/devkit-power-daemon from read access on the chr_file 001. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that devkit-power-daemon should be allowed read access on the 001 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep devkit-power-da /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Kontext zdroje system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 Kontext cíle system_u:object_r:usb_device_t:s0 Objekty cíle 001 [ chr_file ] Zdroj devkit-power-da Cesta zdroje /usr/libexec/devkit-power-daemon Port <Neznámé> Počítač mitmanek.ceplovi.cz RPM balíčky zdroje DeviceKit-power-014-3.el6 RPM balíčky cíle RPM politiky selinux-policy-3.7.19-125.el6 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název počítače mitmanek.ceplovi.cz Platforma Linux mitmanek.ceplovi.cz 2.6.32-214.el6.x86_64 #1 SMP Tue Oct 25 19:48:00 EDT 2011 x86_64 x86_64 Počet upozornění 10 Poprvé viděno Čt 10. listopad 2011, 10:52:02 CET Naposledy viděno Čt 10. listopad 2011, 10:52:03 CET Místní ID 162493be-ce80-4417-8556-e9b68fe125a0 Původní zprávy auditu type=AVC msg=audit(1320918723.180:43997): avc: denied { read } for pid=2976 comm="devkit-power-da" name="001" dev=devtmpfs ino=5382 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1320918723.180:43997): arch=x86_64 syscall=open success=no exit=EACCES a0=7fffb13cff40 a1=0 a2=d a3=fffffffd items=0 ppid=1 pid=2976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=devkit-power-da exe=/usr/libexec/devkit-power-daemon subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null) Hash: devkit-power-da,devicekit_power_t,usb_device_t,chr_file,read audit2allow #============= devicekit_power_t ============== allow devicekit_power_t usb_device_t:chr_file read; audit2allow -R #============= devicekit_power_t ============== allow devicekit_power_t usb_device_t:chr_file read;
I was doing absolutely nothing with USB port, but most likely it was somewhere around the moemtn when the notebook was resuming from suspend-to-RAM.
This happened just before the original AVC denial. Just to be complete. SELinux is preventing /usr/libexec/devkit-power-daemon from 'read, write' accesses on the chr_file 001. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that devkit-power-daemon should be allowed read write access on the 001 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep devkit-power-da /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Kontext zdroje system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 Kontext cíle system_u:object_r:usb_device_t:s0 Objekty cíle 001 [ chr_file ] Zdroj devkit-power-da Cesta zdroje /usr/libexec/devkit-power-daemon Port <Neznámé> Počítač mitmanek.ceplovi.cz RPM balíčky zdroje DeviceKit-power-014-3.el6 RPM balíčky cíle RPM politiky selinux-policy-3.7.19-125.el6 Selinux povolen True Typ politiky targeted Vynucovací režim Enforcing Název počítače mitmanek.ceplovi.cz Platforma Linux mitmanek.ceplovi.cz 2.6.32-214.el6.x86_64 #1 SMP Tue Oct 25 19:48:00 EDT 2011 x86_64 x86_64 Počet upozornění 10 Poprvé viděno Čt 10. listopad 2011, 10:52:02 CET Naposledy viděno Čt 10. listopad 2011, 10:52:03 CET Místní ID 6078a7e9-2e84-44d8-a1f0-7298dd9c4ddf Původní zprávy auditu type=AVC msg=audit(1320918723.180:43996): avc: denied { read write } for pid=2976 comm="devkit-power-da" name="001" dev=devtmpfs ino=5382 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file type=SYSCALL msg=audit(1320918723.180:43996): arch=x86_64 syscall=open success=no exit=EACCES a0=7fffb13cff40 a1=2 a2=7fffb13cff54 a3=fffffffd items=0 ppid=1 pid=2976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=devkit-power-da exe=/usr/libexec/devkit-power-daemon subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null) Hash: devkit-power-da,devicekit_power_t,usb_device_t,chr_file,read,write audit2allow #============= devicekit_power_t ============== allow devicekit_power_t usb_device_t:chr_file { read write }; audit2allow -R #============= devicekit_power_t ============== allow devicekit_power_t usb_device_t:chr_file { read write };
Matej, please use the latest build. -126 release.
*** This bug has been marked as a duplicate of bug 752453 ***