AVCs on suspend/resume

Tom London selinux at gmail.com
Tue Oct 2 21:25:20 UTC 2007 

Running latest Rawhide, targeted/enforcing.

I accidentally did a suspend/resume on my Thinkpad.

I got the following AVCs.  Sorry, can't tell from this if this
happened during suspend or resume.

I'm guessing the first AVC (from alsactl) is from
/usr/lib/pm-utils/sleep.d/65alsa.  There is this code there:

#!/bin/bash

. /usr/lib/pm-utils/functions

case "$1" in
        hibernate|suspend)
                alsactl store 0 >/dev/null 2>&1
                ;;
        thaw|resume)
                alsactl restore 0 >/dev/null 2>&1
                ;;
        *)
                ;;
esac

Could there be a leaded file descriptor?

/var/log/pm-suspend.log contains:
===== Tue Oct  2 10:45:35 PDT 2007: running hook:
/usr/lib/pm-utils/sleep.d/60sysfont =====
/usr/lib/pm-utils/sleep.d/60sysfont: line 7: /dev/tty0: Permission denied

60sysfont has:
case "$1" in
        resume|thaw)
                setsysfont </dev/tty0 ;;
esac
 Not sure its related.....

Are these known?  Worth redoing in permissive mode?

tom

type=AVC msg=audit(1191347118.765:32): avc:  denied  { search } for
pid=6632 comm="alsactl" name="root" dev=dm-0 ino=9043969
scontext=system_u:system_r:alsa_t:s0
tcontext=root:object_r:sysadm_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1191347118.765:32): arch=40000003 syscall=33
success=no exit=-13 a0=8588508 a1=4 a2=743678 a3=858091c items=0
ppid=6630 pid=6632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="alsactl" exe="/sbin/alsactl"
subj=system_u:system_r:alsa_t:s0 key=(null)
type=USYS_CONFIG msg=audit(1191347120.527:33): user pid=6688 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing
system time: exe="/sbin/hwclock" (hostname=?, addr=?, terminal=?
res=success)'
type=AVC msg=audit(1191347120.695:34): avc:  denied  { setsched } for
pid=6547 comm="pm-suspend" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=process
type=AVC msg=audit(1191347120.695:34): avc:  denied  { setsched } for
pid=6547 comm="pm-suspend" scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=process
type=SYSCALL msg=audit(1191347120.695:34): arch=40000003 syscall=4
success=yes exit=3 a0=1 a1=b7fd5000 a2=3 a3=3 items=0 ppid=6544
pid=6547 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="pm-suspend" exe="/bin/bash"
subj=system_u:system_r:hald_t:s0 key=(null)
type=USYS_CONFIG msg=audit(1191347135.250:35): user pid=6809 uid=0
auid=4294967295 subj=system_u:system_r:hwclock_t:s0 msg='changing
system time: exe="/sbin/hwclock" (hostname=?, addr=?, terminal=?
res=success)'
type=AVC msg=audit(1191347135.013:36): avc:  denied  { search } for
pid=6816 comm="alsactl" name="root" dev=dm-0 ino=9043969
scontext=system_u:system_r:alsa_t:s0
tcontext=root:object_r:sysadm_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1191347135.013:36): arch=40000003 syscall=33
success=no exit=-13 a0=956a508 a1=4 a2=743678 a3=956291c items=0
ppid=6814 pid=6816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="alsactl" exe="/sbin/alsactl"
subj=system_u:system_r:alsa_t:s0 key=(null)
type=USER_ACCT msg=audit(1191348061.178:37): user pid=7003 uid=0
auid=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:accounting acct=root exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'


-- 
Tom London

More information about the fedora-selinux-list mailing list