Created attachment 598563 [details] /etc/tuned/new-x900/tuned.conf Description of problem: I let /usr/bin/powertop2tuned create some scripts for tuned to save energy. But when tuned is started the script.sh is not executed. Version-Release number of selected component (if applicable): [drindt@localhost ~]$ rpm -qa|grep tune tuned-utils-2.0.1-3.fc17.noarch tuned-2.0.1-3.fc17.noarch How reproducible: always Steps to Reproduce: 1. run /usr/bin/powertop2tuned 2. activate the newly generated profile 3. reload tuned Actual results: script.sh is not executed Expected results: script.sh should be executed
I suspect this is related to what I found when creating a custom profile by hand including a script in /etc/tuned/<profile directory>, since that is also where powertop2tuned purports to place the profile it creates. The problem in my case appears to be the SELinux targeted policy insists on labeling the file as it appears in /etc as unconfined_u which stops tuned from running it. Strongarming the context (via chcon) to have system_u allows tuned to run it (at least for me). Of course, unless the SELinux policy filecontexts are updated, this will eventually revert and the problem will return. And I'm not sure that's the appropriate context fix either - just that it works. If this is the same for the powertop2tuned result, then maybe this bug should be refiled/modified as a SELinux targeted policy bug as then it wouldn't be the fault of tuned.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Thanks for reporting thus bug. The problem seems already fixed in recent selinux-policy. $ ls -Z /etc/tuned/new-x900/script.sh -rwxr-xr-x. root root unconfined_u:object_r:tuned_etc_t:s0 /etc/tuned/new-x900/script.sh And the commands in /etc/tuned/new-x900/script.sh are executed for me, package versions: tuned-2.0.1-5.fc17.noarch selinux-policy-3.10.0-166.fc17.noarch Thus I am closing this bug. If the problem persist feel free to reopen.