Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 231008 - Simple HAL rule blocked by SELinux
Summary: Simple HAL rule blocked by SELinux
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 5
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-05 15:21 UTC by williamnorfleet2000
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-09 13:33:57 UTC


Attachments (Terms of Use)

Description williamnorfleet2000 2007-03-05 15:21:07 UTC
Description of problem:
The following simple HAL rule works when SELinux is in permissive mode, but does
not work in enforcing mode:

[bill@lap 95userpolicy]$ cat SonyCamera.fdi
<?xml version="1.0" encoding="ISO-8859-1"?> <!-- -*- SGML -*- -->
<deviceinfo version="0.2">
  <device>
    <match key="block.is_volume" bool="true">
      <match key="volume.fsusage" string="filesystem">
        <match key="@block.storage_device:info.product" string="Sony DSC">
            <merge key="volume.label" type="string">SonyCamera</merge>
        </match>
      </match>
    </match>
  </device>
</deviceinfo>

See below for /var/log/messages.
I apologize if this is a duplicate report.

Version-Release number of selected component (if applicable):
[bill@lap ~]$ rpm -qa | grep -i selinux
selinux-policy-2.3.7-2.fc5
libselinux-1.30.3-4.fc5
selinux-policy-targeted-2.3.7-2.fc5
libselinux-python-1.30.3-4.fc5
libselinux-devel-1.30.3-4.fc5

[bill@lap ~]$ rpm -qa | grep hal
hal-gnome-0.5.7.1-2.fc5
hal-0.5.7.1-2.fc5
hal-cups-utils-0.5.5-1.2.fc5.2

IBM Thinkpad 600E
kernel 2.6.19-1.2288.fc5

How reproducible:
Always when SELinux is in enforcing mode.
Never when SELinux is in permissive mode.

Steps to Reproduce:
1.  Boot computer with SELinux in enforcing mode.
2.  Connect Sony camera
3.  Observe that Sony camera appears in /media as /media/disk, not
/media/SonyCamera as the HAL rule directs
4.  Disconnect Sony camera
5.  Set SELinux to permissive mode.
6.  Connect Sony camera
7.  Observe that Sony camera appears in /media as /media/SonyCamera as the HAL
rule directs
  
Actual results:
See "Steps to Reproduce" above

Expected results:
See "Steps to Reproduce" above

Additional info:

/var/log/messages (dmesg output is similar):
Mar  5 09:01:28 lap kernel: audit(1173103288.649:4): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:28 lap kernel: audit(1173103288.651:5): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.121:6): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.123:7): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.236:8): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.237:9): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.338:10): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.339:11): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.430:12): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.432:13): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.536:14): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.538:15): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.647:16): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.648:17): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.739:18): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.741:19): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.833:20): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.835:21): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.942:22): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:29 lap kernel: audit(1173103289.943:23): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.052:24): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.053:25): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.163:26): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.164:27): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.257:28): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.258:29): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.444:30): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.446:31): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.555:32): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.557:33): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.651:34): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.653:35): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.746:36): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.747:37): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.859:38): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.861:39): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.969:40): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:30 lap kernel: audit(1173103290.971:41): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.081:42): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.082:43): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.176:44): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.178:45): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.270:46): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.271:47): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.363:48): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.365:49): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.585:50): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.586:51): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.717:52): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.718:53): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.841:54): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:31 lap kernel: audit(1173103291.843:55): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.052:56): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.053:57): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.169:58): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.171:59): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.295:60): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.296:61): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.388:62): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.390:63): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.483:64): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.484:65): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.603:66): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.604:67): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.971:68): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:32 lap kernel: audit(1173103292.973:69): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.205:70): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.207:71): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.537:72): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.539:73): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.670:74): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.671:75): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.932:76): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:33 lap kernel: audit(1173103293.933:77): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.084:78): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.086:79): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.310:80): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.312:81): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.416:82): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.418:83): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.505:84): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:34 lap kernel: audit(1173103294.507:85): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.022:86): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.024:87): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.461:88): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.463:89): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.682:90): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:35 lap kernel: audit(1173103295.684:91): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.195:92): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.198:93): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.471:94): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.472:95): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.803:96): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:36 lap kernel: audit(1173103296.805:97): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.129:98): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.129:99): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.442:100): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.444:101): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.538:102): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.540:103): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap irattach: executing: 'echo lap > /proc/sys/net/irda/devname'
Mar  5 09:01:37 lap kernel: audit(1173103297.737:104): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.739:105): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.832:106): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap kernel: audit(1173103297.833:107): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:01:37 lap irattach: executing: 'echo 1 > /proc/sys/net/irda/discovery'
Mar  5 09:01:38 lap irattach: Starting device irda0
Mar  5 09:01:53 lap gconfd (bill-2438): starting (version 2.14.0), pid 2438 user
'bill'
Mar  5 09:01:53 lap gconfd (bill-2438): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration
source at position 0
Mar  5 09:01:53 lap gconfd (bill-2438): Resolved address
"xml:readwrite:/home/bill/.gconf" to a writable configuration source at position 1
Mar  5 09:01:53 lap gconfd (bill-2438): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source
at position 2
Mar  5 09:02:06 lap gconfd (bill-2438): Resolved address
"xml:readwrite:/home/bill/.gconf" to a writable configuration source at position 0
Mar  5 09:02:39 lap kernel: TSC appears to be running slowly. Marking it as unstable
Mar  5 09:02:39 lap kernel: Time: pit clocksource has been installed.
Mar  5 09:03:10 lap ntpd[1858]: frequency initialized 489.542 PPM from
/var/lib/ntp/drift
Mar  5 09:03:50 lap ntpd[1858]: getaddrinfo: "0.fedora.pool.ntp.org" invalid
host address, ignored
Mar  5 09:04:30 lap ntpd[1858]: getaddrinfo: "1.fedora.pool.ntp.org" invalid
host address, ignored
Mar  5 09:05:10 lap ntpd[1858]: getaddrinfo: "2.fedora.pool.ntp.org" invalid
host address, ignored
Mar  5 09:05:33 lap kernel: usb 1-1: new full speed USB device using uhci_hcd
and address 2
Mar  5 09:05:33 lap kernel: usb 1-1: configuration #1 chosen from 1 choice
Mar  5 09:05:33 lap kernel: audit(1173103533.803:108): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:33 lap kernel: audit(1173103533.806:109): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: audit(1173103534.168:110): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: audit(1173103534.169:111): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: audit(1173103534.567:112): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: audit(1173103534.569:113): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: Initializing USB Mass Storage driver...
Mar  5 09:05:34 lap kernel: scsi0 : SCSI emulation for USB Mass Storage devices
Mar  5 09:05:34 lap kernel: usbcore: registered new interface driver usb-storage
Mar  5 09:05:34 lap kernel: USB Mass Storage support registered.
Mar  5 09:05:34 lap kernel: audit(1173103534.813:114): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:34 lap kernel: audit(1173103534.814:115): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:39 lap kernel: scsi 0:0:0:0: Direct-Access     Sony     Sony DSC  
      4.50 PQ: 0 ANSI: 0 CCS
Mar  5 09:05:39 lap kernel: audit(1173103539.864:116): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:39 lap kernel: audit(1173103539.867:117): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:40 lap kernel: audit(1173103540.080:118): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:40 lap kernel: audit(1173103540.082:119): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:40 lap kernel: scsi 0:0:0:0: Attached scsi generic sg0 type 0
Mar  5 09:05:40 lap kernel: SCSI device sda: 126848 512-byte hdwr sectors (65 MB)
Mar  5 09:05:40 lap kernel: sda: assuming Write Enabled
Mar  5 09:05:40 lap kernel: sda: assuming drive cache: write through
Mar  5 09:05:40 lap kernel: SCSI device sda: 126848 512-byte hdwr sectors (65 MB)
Mar  5 09:05:40 lap kernel: sda: assuming Write Enabled
Mar  5 09:05:40 lap kernel: sda: assuming drive cache: write through
Mar  5 09:05:40 lap kernel:  sda: sda1
Mar  5 09:05:40 lap kernel: sd 0:0:0:0: Attached scsi removable disk sda
Mar  5 09:05:40 lap kernel: audit(1173103540.748:120): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:40 lap kernel: audit(1173103540.751:121): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:41 lap kernel: audit(1173103541.367:122): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:41 lap kernel: audit(1173103541.369:123): avc:  denied  { getattr }
for  pid=2120 comm="hald" name="SonyCamera.fdi" dev=hda2 ino=620815
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file
Mar  5 09:05:42 lap kernel: SELinux: initialized (dev sda1, type vfat), uses
genfs_contexts
[root@lap log]#

Comment 1 Daniel Walsh 2007-03-06 18:00:18 UTC
This says that hal is trying to look at an NFS file system?  Is that correct?

Comment 2 williamnorfleet2000 2007-03-06 19:47:50 UTC
The camera is plugged directly into the USB port on the computer ("lap")
discussed in the bugreport above.  The computer is set up as an NFS client to
share a directory on another linux box.  This share is not automatically mounted
on "lap" at boot.  I am not certain if the share was mounted when the
/var/log/messages above were written.  

Madam or sir, I am embarrassed to report that just now I tried this HAL rule
again with SELinux in enforcing mode, and it worked fine repeatedly, both with
the NFS share mounted and unmounted, with no weird dmesg or /var/log/messages
output.  The behavior described in this bugreport had been persistent for about
a week, but today seems to have disappeared without a trace.  Could "service
haldaemon restart" with the NFS share mounted lead HAL or SELinux astray in a
way that is persistent for a few days?  Perhaps I issued that command when I was
writing this HAL rule.  I'll be glad to repeat this command if it might produce
useful information.  In any event, the "audit" errors above suggest that I have
not actually been hallucinating, but I otherwise have no explanation for why the
machine broke and subsequently recovered.  I hope I have not wasted your time.


Comment 3 Daniel Walsh 2007-03-06 21:30:23 UTC
See if it happens on a reboot, if not, I have no idea what is going on.

The avc message indicats hal was trying to stat SonyCamera.fdi on an NFS partition.

Comment 4 williamnorfleet2000 2007-03-07 16:05:07 UTC
Bug is not present after reboot.  Bug is not induced by "service haldaemon
restart" with NFS share mounted.  I can't reproduce this bug, and I don't know
why HAL went off on this tangent a few days ago.

Comment 5 Daniel Walsh 2007-03-09 13:33:57 UTC
Ok, I will close it, reopen if it happens again.


Note You need to log in before you can comment on or make changes to this bug.