From: martin@martinorr.name (Martin Orr) Date: Mon, 19 Jul 2010 08:30:05 +0100 Subject: [refpolicy] consolekit etc In-Reply-To: <201007182002.37967.russell@coker.com.au> References: <201007182002.37967.russell@coker.com.au> Message-ID: <20100719083005.27006t6jv7j8cm4g@webmail.tuffmail.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun 18 Jul 11:02:37 2010, Russell Coker wrote: > type=AVC msg=audit(1279446912.175:7): avc: denied { search } for pid=880 > comm="dbus-daemon" name="console" dev=sda1 ino=243 > scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:consolekit_var_run_t:s0 tclass=dir > > > I'm getting a bunch of denials such as the above. It seems that dbus-daemon > is trying to access /var/run/console for some reason - even though that > directory is empty. Shouldn't /var/run/console be labelled as pam_var_console_t? -- Martin Orr