From: domg472@gmail.com (Dominick Grift)
Date: Tue, 28 Dec 2010 16:40:37 +0100
Subject: [refpolicy] bluetooth-applet not showing up in the panel
In-Reply-To: <4D1A036F.9040604@gmail.com>
References: <4D19FB69.8000700@gmail.com> <4D1A036F.9040604@gmail.com>
Message-ID: <4D1A04F5.9020601@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/28/2010 04:34 PM, Justin P. Mattock wrote:
> On 12/28/2010 06:59 AM, Dominick Grift wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12/28/2010 03:50 PM, Justin Mattock wrote:
>>> Hello,
>>> I've a strange issue over here, when enforcement mode
>>> bluetooth-applet will not
>>> show up, but after waking from suspend it does.. any ideas on
>>> what/where is causing
>>> this to do so?
>>
>> Judging from the .service files entries in the logs below I suspect you
>> are using Fedora rawhide here or a custom os based off of fedora rawhide?
>>
>
> neither.. just a from scratch system(used the guides here and there on
> packages, but mostly went my own way)
>
>> In either case you can probably do the usual troubleshooting to narrow
>> things down a bit:
>>
>> 1. is this issue even selinux related; e.g. does it work in permissive
>> mode.
>>
>
> works fine under permissive, as soon as enforcement the applet just
> doesn't show up(under ps aux, it is starting)but after waking from S2R
> the applet shows up(strange!!)

If it works fine in permissive mode but not in enforcing mode then it
looks like an SELinux policy issue:

Thus we need AVC denials to see where it is denied access to what it
needs to do.

So look for AVC denials and if no AVC denials show up, then run
semodule -DB to remove the dontaudit rules and after that try to
reproduce this issue and check for AVC denials again.

When done testing rebuild the policy with dontaudit rules included by
running semodule -B

Please enclose any AVC denials you are seeing that could be related to
your issue.

>> = if selinux related issue (works in permissive mode); are there any avc
>> denials?
>>
>> == if no avc denials use semodule -DB to unload "hidden denial rules"
>> then reproduce.
>>
>> === if avc denials: enclose and/or analyse
>>
>
> yeah I've checked all of those(was thinking it's RFKILL related, but
> then maybe it's not)I'll look again to see..
>
>> If it's not an selinux issue may be a setuid/getgid / capability issue?
>>
>
> could be...maybe what I did below, is the cause of this:
>
> Using gdm + fluxbox + gnome-keyring there was some issues with the whole
> session thing.. long story short I ended up adding:(taken from:
> https://bbs.archlinux.org/viewtopic.php?id=67959)
>
> # launches a session dbus instance
> dbuslaunch="`which dbus-launch 2>/dev/null`"
> if [ -n "$dbuslaunch" ] && [ -x "$dbuslaunch" ] && [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
>     eval `$dbuslaunch --sh-syntax --exit-with-session`
> fi
>
> in: /etc/gnome/gdm/Xsession
> and also adding:
> /usr/share/xsessions/fluxbox.desktop
> Exec=ck-launch-session /usr/bin/startfluxbox
>
>
>
> 2656 ?  Sl   0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
> 2725 ?  Ss   0:00 ck-launch-session /usr/bin/startfluxbox
> 2746 ?  S    0:00 /usr/bin/dbus-launch --sh-syntax --exit-with-session
> 2753 ?  Ss   0:00 /usr/bin/ssh-agent -- ck-launch-session /usr/bin/startfluxbox
> 2758 ?  S    0:04 /usr/bin/fluxbox
> 2760 ?  S    0:00 sh /home/justin/.fluxbox/startup
> 2761 ?  Sl   0:00 /usr/bin/gnome-power-manager
> 2763 ?  SLl  0:00 nm-applet --sm-disable
> 2764 ?  S    0:00 /usr/bin/bluetooth-applet
> 2765 ?  S    0:00 volumeicon
> 2767 ?  Ssl  0:00 /usr/lib/bonobo/bonobo-activation-server --ac-activate --ior-output-fd=20
> 2768 ?  S    0:00 /usr/lib/gdu-notification-daemon
> 2819 ?  S    0:01 tint2
> 2820 ?  Ss   0:05 /usr/bin/gnome-screensaver
> 2826 ?  S    0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets
>
> to have these guys starting properly due to them needing certain things
> to start correctly(keep in mind this is a work in progress, so there is
> things wrong)
>
> Justin P. Mattock

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0aBPUACgkQMlxVo39jgT/uTQCglwpkgwD5JN895/2WjnNDFVli
Dh4AoIXEIP3fhOTMc06GZSX8xAVv1Bzy
=U+Tw
-----END PGP SIGNATURE-----
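
The semodule -DB / reproduce / semodule -B procedure from the reply above, as an added example that is not part of the original message or of refpolicy. The function names `avc_summary` and `find_hidden_denials` are hypothetical, and `SAMPLE_AUDIT` holds constructed records, not the denials from this thread.

```shell
#!/bin/sh
# Added example: constructed audit records, not taken from the thread.
# The SELinux types and inode numbers are placeholders for illustration.
SAMPLE_AUDIT='type=AVC msg=audit(1293550001.101:41): avc:  denied  { read write } for  pid=2764 comm="bluetooth-apple" name="rfkill" dev=devtmpfs ino=5012 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1293550009.330:58): avc:  denied  { read write } for  pid=2901 comm="bluetooth-apple" name="rfkill" dev=devtmpfs ino=5012 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1293550002.007:43): avc:  denied  { search } for  pid=2763 comm="nm-applet" name="net" dev=proc ino=77 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
type=SYSCALL msg=audit(1293550001.101:41): arch=c000003e syscall=2 success=no exit=-13 pid=2764 comm="bluetooth-apple" exe="/usr/bin/bluetooth-applet"'

# Summarise AVC denials for one command. $1 = command name; records on stdin.
# The kernel truncates comm to 15 characters, so "bluetooth-applet" (16)
# is logged as comm="bluetooth-apple"; match on the truncated form.
avc_summary() {
    awk -v comm="$1" '
        function field(key,   i) {
            for (i = 1; i <= NF; i++)
                if (index($i, key "=") == 1) return substr($i, length(key) + 2)
            return "?"
        }
        BEGIN { want = "comm=\"" substr(comm, 1, 15) "\"" }
        /avc:/ && /denied/ && index($0, want) {
            perms = $0
            sub(/^.*denied +[{] */, "", perms)   # drop text before the permission list
            sub(/ *[}].*$/, "", perms)           # drop text after it
            split(field("scontext"), s, ":")     # user:role:type:level
            split(field("tcontext"), t, ":")
            printf "%s -> %s:%s { %s }\n", s[3], t[3], field("tclass"), perms
        }' | sort -u
}

# The procedure from the reply. Needs root, semodule and ausearch, so it is
# only defined here; call it by hand on the affected machine.
find_hidden_denials() {
    semodule -DB     # rebuild the policy with dontaudit rules disabled
    printf 'Reproduce the issue, then press Enter: '
    read -r _unused
    ausearch -m avc -ts recent | avc_summary "$1"
    semodule -B      # rebuild with dontaudit rules included again
}
```

Running `printf '%s\n' "$SAMPLE_AUDIT" | avc_summary bluetooth-applet` collapses the two repeated denials into one line in source type, target type, class and permissions form.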