acpid

Matthew Saltzman mjs at ces.clemson.edu
Wed Sep 21 11:03:41 UTC 2005 

On Thu, 15 Sep 2005, Matthew Saltzman wrote:

> I have ACPI scripts that are supposed to run when Fn-Fx is pressed (for 
> various values of x).  The scripts run fine when invoked from a shell, but 
> they fail when invoked by keypress.  For example, /etc/acpi/actions/Fn-F3.sh 
> contains:
>
> 	#!/bin/sh
>
> 	if [ -f /var/tmp/acpi-lightoff ]; then
> 	  /usr/sbin/radeontool light on
> 	  /bin/rm /var/tmp/acpi-lightoff
> 	else
> 	  /usr/sbin/radeontool light off
> 	  /bin/touch /var/tmp/acpi-lightoff
> 	fi
>
> When invoked by keypress, I get the following audit messages, and no action 
> is taken (light stays on, no file touched).  Should I be doing something 
> different or is there something in selinux-policy-targeted that needs to be 
> fixed?

I've changed the script so that it reads its status directly rather than 
checking for the file:

      if [ "$(/usr/sbin/radeontool light)" = "The radeon backlight looks on" ]; then
        /usr/sbin/radeontool light off
      else
        /usr/sbin/radeontool light on
      fi

It still works fine if invoked from the command line and doesn't work if 
invoked by acpid, unless setenforce 0 is set.  How can I fix this, and can 
it be fixed in selinux-policy-targeted?  Thanks.

/var/log/acpi reports:

[Wed Sep 21 04:37:22 2005] received event "ibm/hotkey HKEY 00000080 00001003"
[Wed Sep 21 04:37:22 2005] notifying client 3203[500:500]
[Wed Sep 21 04:37:22 2005] executing action "/etc/acpi/actions/Fn-F3.sh"
[Wed Sep 21 04:37:22 2005] BEGIN HANDLER MESSAGES
Radeon hardware not found in lspci output.
Radeon hardware not found in lspci output.
[Wed Sep 21 04:37:23 2005] END HANDLER MESSAGES
[Wed Sep 21 04:37:23 2005] action exited with status 255
[Wed Sep 21 04:37:23 2005] completed event "ibm/hotkey HKEY 00000080 00001003"

/var/log/audit/audit.log reports:

type=AVC msg=audit(1127291842.986:3152715): avc:  denied  { read } for 
pid=7984 comm="lspci" name="pci.ids" dev=dm-0 ino=809685 
scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t 
tclass=file
type=SYSCALL msg=audit(1127291842.986:3152715): arch=40000003 syscall=5 
success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7984 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="lspci" exe="/sbin/lspci"
type=CWD msg=audit(1127291842.986:3152715):  cwd="/"
type=PATH msg=audit(1127291842.986:3152715): item=0 
name="/usr/share/hwdata/pci.ids" flags=101  inode=809685 dev=fd:00 
mode=0100644 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127291842.997:3153231): avc:  denied  { read } for 
pid=7986 comm="lspci" name="pci.ids" dev=dm-0 ino=809685 
scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t 
tclass=file
type=SYSCALL msg=audit(1127291842.997:3153231): arch=40000003 syscall=5 
success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7986 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="lspci" exe="/sbin/lspci"
type=CWD msg=audit(1127291842.997:3153231):  cwd="/"
type=PATH msg=audit(1127291842.997:3153231): item=0 
name="/usr/share/hwdata/pci.ids" flags=101  inode=809685 dev=fd:00 
mode=0100644 ouid=0 ogid=0 rdev=00:00

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

More information about the fedora-selinux-list mailing list