acpid

Matthew Saltzman mjs at ces.clemson.edu
Fri Sep 23 20:09:45 UTC 2005 

Can nobody here help with this (and if not, where could I go for 
assistance)?  selinux-policy-targeted-1.27.1-2.1 does not solve the 
problem.

Thanks.

On Wed, 21 Sep 2005, Matthew Saltzman wrote:

> On Thu, 15 Sep 2005, Matthew Saltzman wrote:
>
>> I have ACPI scripts that are supposed to run when Fn-Fx is pressed (for 
>> various values of x).  The scripts run fine when invoked from a shell, but 
>> they fail when invoked by keypress.  For example, 
>> /etc/acpi/actions/Fn-F3.sh contains:
>> 
>> 	#!/bin/sh
>> 
>> 	if [ -f /var/tmp/acpi-lightoff ]; then
>> 	  /usr/sbin/radeontool light on
>> 	  /bin/rm /var/tmp/acpi-lightoff
>> 	else
>> 	  /usr/sbin/radeontool light off
>> 	  /bin/touch /var/tmp/acpi-lightoff
>> 	fi
>> 
>> When invoked by keypress, I get the following audit messages, and no action 
>> is taken (light stays on, no file touched).  Should I be doing something 
>> different or is there something in selinux-policy-targeted that needs to be 
>> fixed?
>
> I've changed the script so that it reads its status directly rather than 
> checking for the file:
>
>     if [ "$(/usr/sbin/radeontool light)" = "The radeon backlight looks on" 
> ]; then
>       /usr/sbin/radeontool light off
>     else
>       /usr/sbin/radeontool light on
>     fi
>
> It still works fine if invoked from the command line and doesn't work if 
> invoked by acpid, unless setenforce 0 is set.  How can I fix this, and can it 
> be fixed in selinux-policy-targeted?  Thanks.
>
> /var/log/acpi reports:
>
> [Wed Sep 21 04:37:22 2005] received event "ibm/hotkey HKEY 00000080 00001003"
> [Wed Sep 21 04:37:22 2005] notifying client 3203[500:500]
> [Wed Sep 21 04:37:22 2005] executing action "/etc/acpi/actions/Fn-F3.sh"
> [Wed Sep 21 04:37:22 2005] BEGIN HANDLER MESSAGES
> Radeon hardware not found in lspci output.
> Radeon hardware not found in lspci output.
> [Wed Sep 21 04:37:23 2005] END HANDLER MESSAGES
> [Wed Sep 21 04:37:23 2005] action exited with status 255
> [Wed Sep 21 04:37:23 2005] completed event "ibm/hotkey HKEY 00000080 
> 00001003"
>
> /var/log/audit/audit.log reports:
>
> type=AVC msg=audit(1127291842.986:3152715): avc:  denied  { read } for 
> pid=7984 comm="lspci" name="pci.ids" dev=dm-0 ino=809685 
> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t 
> tclass=file
> type=SYSCALL msg=audit(1127291842.986:3152715): arch=40000003 syscall=5 
> success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7984 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> comm="lspci" exe="/sbin/lspci"
> type=CWD msg=audit(1127291842.986:3152715):  cwd="/"
> type=PATH msg=audit(1127291842.986:3152715): item=0 
> name="/usr/share/hwdata/pci.ids" flags=101  inode=809685 dev=fd:00 
> mode=0100644 ouid=0 ogid=0 rdev=00:00
> type=AVC msg=audit(1127291842.997:3153231): avc:  denied  { read } for 
> pid=7986 comm="lspci" name="pci.ids" dev=dm-0 ino=809685 
> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:usr_t 
> tclass=file
> type=SYSCALL msg=audit(1127291842.997:3153231): arch=40000003 syscall=5 
> success=no exit=-13 a0=8054e5c a1=0 a2=fbad8001 a3=0 items=1 pid=7986 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> comm="lspci" exe="/sbin/lspci"
> type=CWD msg=audit(1127291842.997:3153231):  cwd="/"
> type=PATH msg=audit(1127291842.997:3153231): item=0 
> name="/usr/share/hwdata/pci.ids" flags=101  inode=809685 dev=fd:00 
> mode=0100644 ouid=0 ogid=0 rdev=00:00
>
>

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

More information about the fedora-selinux-list mailing list