From: dwalsh@redhat.com (Daniel J Walsh) Date: Mon, 19 Jul 2010 08:52:37 -0400 Subject: [refpolicy] consolekit etc In-Reply-To: <20100719083005.27006t6jv7j8cm4g@webmail.tuffmail.net> References: <201007182002.37967.russell@coker.com.au> <20100719083005.27006t6jv7j8cm4g@webmail.tuffmail.net> Message-ID: <4C444A95.1070800@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/19/2010 03:30 AM, Martin Orr wrote: > On Sun 18 Jul 11:02:37 2010, Russell Coker wrote: > >> type=AVC msg=audit(1279446912.175:7): avc: denied { search } for pid=880 >> comm="dbus-daemon" name="console" dev=sda1 ino=243 >> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 >> tcontext=system_u:object_r:consolekit_var_run_t:s0 tclass=dir >> >> >> I'm getting a bunch of denials such as the above. It seems that dbus-daemon >> is trying to access /var/run/console for some reason - even though that >> directory is empty. > > Shouldn't /var/run/console be labelled as pam_var_console_t? > It is in Fedora. I think dbus is trying to check if the user is logged into the console. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxESpUACgkQrlYvE4MpobNRJQCfQnMyn6n8w8C3vyXGfhe1BFCe SmYAoMfvxXQvl5WWJMihZlpL9h/UMSK+ =meVq -----END PGP SIGNATURE-----