hald_t needs access to hwdata_t ?
Tom London
selinux at gmail.com
Mon Sep 26 14:46:46 UTC 2005
Running targeted/enforcing, rawhide.
Does the following make sense?
tom
--- hald.te.save 2005-09-26 07:35:02.000000000 -0700
+++ hald.te 2005-09-26 07:35:34.000000000 -0700
@@ -79,6 +79,7 @@
tmp_domain(hald)
allow hald_t mnt_t:dir search;
r_dir_file(hald_t, proc_net_t)
+r_dir_file(hald_t, hwdata_t)
# For /usr/libexec/hald-addon-acpi - writes to /var/run/acpid.socket
ifdef(`apmd.te', `
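Review bot: the added r_dir_file(hald_t, hwdata_t) line carries no comment saying why hald needs hwdata_t, unlike the hald-addon-acpi rule directly below it. A one-line comment naming /usr/share/hwdata/pci.ids and usb.ids (the paths in the PATH records) would document the reason. The AVCs record only a denied search on the hwdata directory. Because the system is enforcing, the path lookup stops at that directory and the read of the .ids files themselves is never checked. The file read access the macro grants is therefore inferred from the failed open calls (syscall=5, a1=8000) rather than shown by a denial. After loading the change, confirm that no further hwdata_t denials appear for hald, and that read-only access to the directory and its files is all it needs.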
Here are the AVCs:
type=AVC msg=audit(1127744849.852:7): avc: denied { search } for
pid=2462 comm="hald" name="hwdata" dev=dm-0 ino=130882
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
type=SYSCALL msg=audit(1127744849.852:7): arch=40000003 syscall=5
success=no exit=-13 a0=8077d98 a1=8000 a2=1b6 a3=9759c88 items=1
pid=2462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=CWD msg=audit(1127744849.852:7): cwd="/"
type=PATH msg=audit(1127744849.852:7): item=0
name="/usr/share/hwdata/pci.ids" flags=101 inode=130882 dev=fd:00
mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1127744849.852:8): avc: denied { search } for
pid=2462 comm="hald" name="hwdata" dev=dm-0 ino=130882
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
type=SYSCALL msg=audit(1127744849.852:8): arch=40000003 syscall=5
success=no exit=-13 a0=8077db8 a1=8000 a2=1b6 a3=9759c88 items=1
pid=2462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=CWD msg=audit(1127744849.852:8): cwd="/"
type=PATH msg=audit(1127744849.852:8): item=0
name="/usr/share/hwdata/usb.ids" flags=101 inode=130882 dev=fd:00
mode=040755 ouid=0 ogid=0 rdev=00:00
--
Tom London
More information about the fedora-selinux-list
mailing list