gnome-power-manager disappears if selinux enabled

Daniel J Walsh dwalsh at redhat.com
Thu Jan 19 16:35:44 UTC 2006 

Roger Grosswiler wrote:
> Am Mittwoch, den 18.01.2006, 15:47 +0100 schrieb Roger Grosswiler:
>   
>> Hey John,
>>
>> Doing latest update right now and will try a fixfiles relabel
>> afterwards. If it still exists, i gonna file it in bugzilla.
>>
>> Roger
>>
>> Am Mittwoch, den 18.01.2006, 09:16 -0500 schrieb John (J5) Palmieri:
>>     
>>> Do you have the latest SE-Linux updates.  I though we fixed
>>> the /usr/share/scripts issue.  If it is the latest update please file a
>>> bug on selinux-policy-targeted in bugzilla with the exact same
>>> description you gave below.
>>>
>>> On Wed, 2006-01-18 at 10:11 +0100, Roger Grosswiler wrote:
>>>       
>>>> Again, 
>>>>
>>>> if i have selinux enabled, the g-p-m icon disappears and i find the
>>>> following in my audit.log:
>>>>
>>>> type=AVC msg=audit(1137522144.013:60): avc:  denied  { execute } for
>>>> pid=2641 comm="hald" name="hal-system-power-set-power-save" dev=dm-0
>>>> ino=1763088 scontext=system_u:system_r:hald_t:s0
>>>> tcontext=system_u:object_r:usr_t:s0 tclass=file
>>>> type=PATH msg=audit(1137522144.013:60): item=0
>>>> name="/usr/share/hal/scripts/hal-system-power-set-power-save" flags=101
>>>> inode=1763088 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
>>>>
>>>> so, in this, audit2allow says:
>>>> [root at niobe audit]# audit2allow -i audit.log | grep hal
>>>> allow hald_t boot_t:dir getattr;
>>>> allow hald_t home_root_t:dir search;
>>>> allow hald_t initctl_t:fifo_file write;
>>>> allow hald_t initrc_var_run_t:file lock;
>>>> allow hald_t mnt_t:dir create;
>>>> allow hald_t mnt_t:file write;
>>>> allow hald_t sysctl_fs_t:dir search;
>>>> allow hald_t usr_t:file execute;
>>>> allow hald_t var_lib_nfs_t:dir search;
>>>>
>>>> (ok, nfs really doesn't belong to the g-p-m :-D )
>>>>
>>>>
>>>> HTH, Thanks
>>>> Roger
>>>>         
>>> -- 
>>> John (J5) Palmieri <johnp at redhat.com>
>>>
>>>       
>> -- 
>>     
> Ok, now rebooted twice with relabelled system, twice g-p-m stays...
> perhaps it was my fault or relabelling did not work properly...
>
> Roger
>
>   
When you updated the policy package it relabeled this directory.  No 
need to relabel the entire machine.

More information about the fedora-test-list mailing list