SELinux problem

Mikkel L. Ellertson mikkel at infinity-ltd.com
Mon Jun 26 23:15:19 UTC 2006


I know next to nothing about setting up SELinux rules. I am getting
the error messages listed below when I insert an SD card into the
reader built into my laptop.

Jun 25 16:19:50 localhost kernel: audit(1151270390.163:21): avc:
denied  { read } for  pid=11043 comm="hald-probe-stor"
name="mmcblk0"  dev=tmpfs ino=79271
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=blk_file

Jun 25 16:19:50 localhost kernel: audit(1151270390.459:22): avc:
denied  { read } for  pid=11049 comm="hald-probe-volu"
name="mmcblk0p1" dev=tmpfs ino=79294
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=blk_file

The card is being detected, and the two devices, /dev/mmcblk0 and
/dev/mmcblk0p1, are being created. The mmcblk0p1 is the FAT16
partition on the card. I can manually mount /dev/mmcblk0p1 and
access the card. If I am reading the error messages correctly, HAL
is trying to read the card to get information to pass along so that
the card can get mounted, but SELinux is blocking it because there
is no rule allowing HAL to access the file.

I am not sure, but I believe that the proper fix would be to change
/etc/selinux/targeted/modules/active/file_contexts.template and add
something like

/dev/mmcblk* -b system_u:object_r:removable_device_t:s0

and then rebuilding
/etc/selinux/targeted/modules/active/file_contexts. But because I am
not sure of this, and because I don't like to mess with files that
will probably get changed with the next update, I would like to use
the semanage command to add it. But I cannot figure out the proper
syntax to do it. Can someone help me out here?

TIA
Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
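
An added example, not part of the original post: a small Python parser that pulls the fields out of the two AVC denials quoted in the message and groups them by source domain, target type and object class. The function names and the `looks_unlabeled` heuristic (a device node still carrying the generic `device_t` type) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The two denials from the post, rejoined onto one line each as syslog wrote them.
SAMPLE_LOG = """\
Jun 25 16:19:50 localhost kernel: audit(1151270390.163:21): avc: denied  { read } for  pid=11043 comm="hald-probe-stor" name="mmcblk0"  dev=tmpfs ino=79271 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
Jun 25 16:19:50 localhost kernel: audit(1151270390.459:22): avc: denied  { read } for  pid=11049 comm="hald-probe-volu" name="mmcblk0p1" dev=tmpfs ino=79294 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    """A context is user:role:type[:level]; return the type or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict of fields for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = m.group("perms").split()
    rec["stype"], rec["ttype"] = type_of(rec["scontext"]), type_of(rec["tcontext"])
    return rec

def summarize(log_text):
    """Group denials by (source type, target type, class) -> perms and object names."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["stype"], rec["ttype"], rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["names"].add(rec.get("name", "?"))
    return dict(groups)

def looks_unlabeled(ttype, tclass):
    """Heuristic (assumption): a device node that still has the generic device_t type."""
    return ttype == "device_t" and tclass in ("blk_file", "chr_file")

if __name__ == "__main__":
    for (stype, ttype, tclass), info in summarize(SAMPLE_LOG).items():
        hint = "check file context of the node" if looks_unlabeled(ttype, tclass) else ""
        print(stype, "->", ttype, tclass, sorted(info["perms"]), sorted(info["names"]), hint)
```

Both denials collapse into a single group, which shows that one labeling change for the `mmcblk` nodes would cover the whole device and its partition.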



