From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 19 Jul 2010 08:52:37 -0400
Subject: [refpolicy] consolekit etc
In-Reply-To: <20100719083005.27006t6jv7j8cm4g@webmail.tuffmail.net>
References: <201007182002.37967.russell@coker.com.au>
	<20100719083005.27006t6jv7j8cm4g@webmail.tuffmail.net>
Message-ID: <4C444A95.1070800@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/19/2010 03:30 AM, Martin Orr wrote:
> On Sun 18 Jul 11:02:37 2010, Russell Coker wrote:
> 
>> type=AVC msg=audit(1279446912.175:7): avc:  denied  { search } for  pid=880
>> comm="dbus-daemon" name="console" dev=sda1 ino=243
>> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
>> tcontext=system_u:object_r:consolekit_var_run_t:s0 tclass=dir
>>
>>
>> I'm getting a bunch of denials such as the above.  It seems that dbus-daemon
>> is trying to access /var/run/console for some reason - even though that
>> directory is empty.
> 
> Shouldn't /var/run/console be labelled as pam_var_console_t?
> 
It is in Fedora.  I think dbus is trying to check if the user is logged
into the console.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxESpUACgkQrlYvE4MpobNRJQCfQnMyn6n8w8C3vyXGfhe1BFCe
SmYAoMfvxXQvl5WWJMihZlpL9h/UMSK+
=meVq
-----END PGP SIGNATURE-----