preventing console-kit-dae (consolekit_t) "read" to (polkit_var_lib_t) on restart
Andrew Farris
lordmorgul at gmail.com
Wed Apr 2 07:14:55 UTC 2008
This occurs on Rawhide when trying to 'Restart' from the GNOME System
menu. My user does have PolicyKit authorization to restart the system
(others logged in or not) and to shut down the system, but neither
works. At the moment I have to log out, then switch to VT1 and reboot.
GDM cannot restart either.
SELinux is preventing console-kit-dae (consolekit_t) "read" to
./org.freedesktop.hal.device-access.sound.override (polkit_var_lib_t).
Source Context system_u:system_r:consolekit_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:polkit_var_lib_t:s0
Target Objects ./org.freedesktop.hal.device-access.sound.override
[ file ]
Source console-kit-dae
Source Path /usr/sbin/console-kit-daemon
Port <Unknown>
Host cirithungol
Source RPM Packages ConsoleKit-0.2.10-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-26.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name cirithungol
Platform Linux cirithungol 2.6.25-0.172.rc7.git4.fc9.i686
#1 SMP Fri Mar 28 21:46:59 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 02 Apr 2008 12:00:41 AM PDT
Last Seen Wed 02 Apr 2008 12:00:41 AM PDT
Local ID bade6013-09c9-4ca8-afba-3632172a3fc9
Line Numbers
Raw Audit Messages
host=cirithungol type=AVC msg=audit(1207119641.661:3387): avc: denied
{ read } for pid=2192 comm="console-kit-dae"
name="org.freedesktop.hal.device-access.sound.override" dev=dm-0
ino=727047 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:polkit_var_lib_t:s0 tclass=file
host=cirithungol type=SYSCALL msg=audit(1207119641.661:3387):
arch=40000003 syscall=5 success=no exit=-13 a0=98d1918 a1=8000 a2=0
a3=8000 items=0 ppid=1 pid=2192 auid=4294967295 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon"
subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
--
Andrew Farris <lordmorgul at gmail.com> www.lordmorgul.net
gpg 0x8300BF29 fingerprint 071D FFE0 4CBC 13FC 7DEB 5BD5 5F89 8E1B 8300 BF29
revoked key 0xC99B1DF3 no longer used
No one now has, and no one will ever again get, the big picture. - Daniel Geer