Hide Forgot
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.1.5-6.fc16.x86_64 reason: SELinux is preventing systemd-logind from 'getattr' accesses on the chr_file controlC1. time: Tue 20 Dec 2011 12:42:17 PM BRT description: :I suspend my machine, when it came back a few seconds after suspend the following error happened : :SELinux is preventing systemd-logind from 'getattr' accesses on the chr_file controlC1. : :***** Plugin device (91.4 confidence) suggests ***************************** : :If você quer permitir que systemd-logind tenha acesso getattr no controlC1 chr_file :Then you need to change the label on controlC1 to a type of a similar device. :Do :# semanage fcontext -a -t SIMILAR_TYPE 'controlC1' :# restorecon -v 'controlC1' : :***** Plugin catchall (9.59 confidence) suggests *************************** : :If you believe that systemd-logind should be allowed getattr access on the controlC1 chr_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:systemd_logind_t:s0 :Target Context system_u:object_r:device_t:s0 :Target Objects controlC1 [ chr_file ] :Source systemd-logind :Source Path systemd-logind :Port <Desconhecido> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.10.0-64.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.1.5-6.fc16.x86_64 #1 SMP Thu Dec 15 16:14:44 UTC : 2011 x86_64 x86_64 :Alert Count 1 :First Seen Tue 20 Dec 2011 12:39:28 PM BRT :Last Seen Tue 20 Dec 2011 12:39:28 PM BRT :Local ID 42ca6c57-f001-4aa4-a378-8b1bce57064f : :Raw Audit Messages :type=AVC msg=audit(1324395568.408:390): avc: denied { getattr } for pid=1018 comm="systemd-logind" name="controlC1" dev=devtmpfs ino=1089070 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file : : :Hash: systemd-logind,systemd_logind_t,device_t,chr_file,getattr : :audit2allow : :#============= systemd_logind_t ============== :allow systemd_logind_t device_t:chr_file getattr; : :audit2allow -R : :#============= systemd_logind_t ============== :allow systemd_logind_t device_t:chr_file getattr; :
Miroslav I think we should label device_t as a dev_node() so that interfaces that deal with all devices will be allowed access. Christian do you know the path to controlC1? find /dev -name controlC1
Most likely /dev/snd/controlC1 ls -lZ /dev/snd/controlC1
Fixed in the latest policy.