From: justinmattock@gmail.com (Justin P. Mattock) Date: Tue, 04 Jan 2011 06:36:03 -0800 Subject: [refpolicy] bluetooth-applet not showing up in the panel In-Reply-To: <4D232952.8020904@redhat.com> References: <4D19FB69.8000700@gmail.com> <4D1A036F.9040604@gmail.com> <4D1A04F5.9020601@gmail.com> <4D1A11DF.3030508@gmail.com> <4D1A12C1.70600@gmail.com> <4D1A391C.2030206@giz-works.com> <4D1A43FD.6080801@gmail.com> <4D1DB050.50304@redhat.com> <4D22780F.4050209@gmail.com> <4D232952.8020904@redhat.com> Message-ID: <4D233053.7030508@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 01/04/2011 06:06 AM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/03/2011 08:29 PM, Justin P. Mattock wrote: >> On 12/31/2010 02:28 AM, Daniel J Walsh wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On 12/28/2010 03:09 PM, Justin P. Mattock wrote: >>>> On 12/28/2010 11:23 AM, Chris Richards wrote: >>>>> On 12/28/2010 10:39 AM, Dominick Grift wrote: >>>>>>> yeah nothing is showing up in the logs i.g. >>>>>>> /var/log/Xorg,messages,user.log, etc...(no audit daemon running), and >>>>>>> semodule -DB has already been done) >>>>>> strange indeed becuase if it works in permissive mode but not in >>>>>> enforcing mode then i would suspect its selinux preventing access. In >>>>>> that case avc denials *should* be visible. either in dmesg , >>>>>> /var/log/messages /var/log/xorg.log /var/log/audit/audit.log etc. >>>>> It might be instructive to see if there are any denials when running in >>>>> permissive mode. I've encountered situations in the past where no >>>>> denials would be reported when running enforcing (even with semodule >>>>> -DB, other than the expected dontaudits, of course), yet when >>>>> running in >>>>> permissive mode, there would be denials out the wazzoo, even with apps >>>>> that were supposedly not selinux-aware. >>>>> >>>>> Later, >>>>> Chris >>>>> _______________________________________________ >>>>> refpolicy mailing list >>>>> refpolicy at oss.tresys.com >>>>> http://oss.tresys.com/mailman/listinfo/refpolicy >>>>> >>>> >>>> >>>> yeah those avc's can be little buggers if hidden away in some file >>>> somewhere..I'll have a look again to make sure.. in the meantime >>>> I am noticing in .xsession-errors in enforcing mode: >>>> >>>> >>>> cat .xsession-errors >>>> /etc/gnome/gdm/Xsession: Beginning session setup... >>>> /etc/gnome/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent -- >>>> ck-launch-session /usr/bin/startfluxbox >>>> >>>> ** (bluetooth-applet:2786): WARNING **: Could not open RFKILL control >>>> device, please verify your installation >>>> GLib-GIO-Message: Using the 'memory' GSettings backend. Your settings >>>> will not be saved or shared with other applications. >>>> tint2 : nb monitor 1, nb monitor used 1, nb desktop 4 >>>> tint2 : pixmap background detection failed >>>> Error changing to home directory /root: Permission denied >>>> Error changing to home directory /root: Permission denied >>>> Error changing to home directory /root: Permission denied >>>> >>>> >>>> the: Error changing to home directory /root: Permission denied >>>> does not occur in permissive mode so maybe this is whats hitting and >>>> causing the stuckage or something.. I'll need to look again at >>>> everything to make sure I didnt forget a build flag or something >>>> >>>> Justin P. Mattock >>>> _______________________________________________ >>>> refpolicy mailing list >>>> refpolicy at oss.tresys.com >>>> http://oss.tresys.com/mailman/listinfo/refpolicy >>> Are you logging in as root via X? >> >> >> no I dont think I was(under ps auxZ everything showed the proper user >> from what I remembered(gdm)) >> >> Keep in mind one thing I didnt mention(and didnt think was the cause)is >> Im seeing pkexec showing up in dmesg.. I can supply the avc for that, >> but might be a while due to having to compress that system and ready the >> machine to be sold(no job, no money, no food etc...) >> >> I'll keep you updated with this, as soon as I connect the dots with >> other things.. >> >> Justin P. Mattock >> >> > Well there is an open bug against gnome-power-manager launching > gnome-screensaver when run from gdm. But I would figure this would do > some wierd stuff in gdm home dir not /root > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk0jKVEACgkQrlYvE4MpobMdUgCgtNrGaoa7JancnUhVJrJmi33i > 8R0AnA9EMUqcBEQ4mIgGEFUBaqr/ssmR > =oRBV > -----END PGP SIGNATURE----- > yeah that's what's getting me on this, is the pkexec is something to do with the backlight dimmer helper thing(loading nouvea revealed this one) strange thing with the bluetooth-applet is after waking up from suspend the applet will show right up in the dock with nm-applet/gnome-power like nothing ever happened. in regards to the policy, my build.conf looks like this: TYPE = mcs NAME = refpolicy UNK_PERMS = deny DIRECT_INITRC = n MONOLITHIC = n UBAC = y MLS_SENS = 16 MLS_CATS = 256 MCS_CATS = 256 QUIET = n only thing not used with this system is the DISTRO switch since it is a custom clfs build. Justin P. Mattock