Hi Sven, nice to meet you again and thank you for your work in SELinux
and for your help.
I did as you suggested reading the denials step by step. Anyway I didn't
find a way to start pulseaudio seprately, but I don't think it's really
pulseaudio related. I beleave it's hardware revealing related because
nor pulsaudio, nor kmix, nor systemsettings can see the audio card, they
can only use the "output dummy" card.
Now the step by step denials.
I firstly removed the xdm initscript from the default runlevel and I
started it manually. After starting xdm these were the denials:
Aug 22 08:39:03 dell-studio kernel: [ 162.895575] type=1400
audit(1345617543.503:121): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:39:27 dell-studio kernel: [ 187.237204] type=1400
audit(1345617567.845:122): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:39:27 dell-studio kernel: [ 187.239432] type=1400
audit(1345617567.847:123): avc: denied { search } for pid=3086
comm="udev-acl.ck" name="ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:39:27 dell-studio kernel: [ 187.239574] type=1400
audit(1345617567.847:124): avc: denied { read } for pid=3086
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:39:34 dell-studio kernel: [ 193.781500] type=1400
audit(1345617574.389:125): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:39:34 dell-studio kernel: [ 193.785181] type=1400
audit(1345617574.393:126): avc: denied { read } for pid=3101
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
After logging in kdm I read:
Aug 22 08:40:04 dell-studio kernel: [ 223.565209] type=1400
audit(1345617604.173:127): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:06 dell-studio kernel: [ 226.166311] type=1400
audit(1345617606.774:128): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:06 dell-studio kernel: [ 226.172123] type=1400
audit(1345617606.780:129): avc: denied { search } for pid=3106
comm="udev-acl.ck" name="ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:06 dell-studio kernel: [ 226.172508] type=1400
audit(1345617606.780:130): avc: denied { read } for pid=3106
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:40:15 dell-studio kernel: [ 234.411908] type=1400
audit(1345617615.019:131): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:15 dell-studio kernel: [ 234.415286] type=1400
audit(1345617615.023:132): avc: denied { read } for pid=3109
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:40:34 dell-studio kernel: [ 253.639780] type=1400
audit(1345617634.247:133): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:34 dell-studio kernel: [ 253.645402] type=1400
audit(1345617634.253:134): avc: denied { search } for pid=3111
comm="udev-acl.ck" name="ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:34 dell-studio kernel: [ 253.645790] type=1400
audit(1345617634.253:135): avc: denied { read } for pid=3111
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:40:35 dell-studio kernel: [ 254.527065] type=1400
audit(1345617635.135:136): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:35 dell-studio kernel: [ 254.527789] type=1400
audit(1345617635.135:137): avc: denied { read } for pid=2010
comm="console-kit-dae" name="machine-id" dev="sda7" ino=184383
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:system_dbusd_var_lib_t tclass=lnk_file
Aug 22 08:40:35 dell-studio kernel: [ 254.530276] type=1400
audit(1345617635.138:138): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:35 dell-studio kernel: [ 254.535883] type=1400
audit(1345617635.143:139): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:40:35 dell-studio kernel: [ 254.537701] type=1400
audit(1345617635.145:140): avc: denied { read } for pid=3121
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:40:36 dell-studio kernel: [ 255.550398] type=1400
audit(1345617636.158:141): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:36 dell-studio kernel: [ 255.554058] type=1400
audit(1345617636.162:142): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:40 dell-studio kernel: [ 259.566581] type=1400
audit(1345617640.174:143): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:40 dell-studio kernel: [ 259.569518] type=1400
audit(1345617640.177:144): avc: denied { execute } for pid=3194
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.572229] type=1400
audit(1345617640.180:145): avc: denied { execute } for pid=3197
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.574665] type=1400
audit(1345617640.182:146): avc: denied { execute } for pid=3199
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.577151] type=1400
audit(1345617640.185:147): avc: denied { execute } for pid=3201
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.579385] type=1400
audit(1345617640.187:148): avc: denied { execute } for pid=3203
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.581693] type=1400
audit(1345617640.189:149): avc: denied { execute } for pid=3205
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 259.583959] type=1400
audit(1345617640.191:150): avc: denied { execute } for pid=3207
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:40 dell-studio kernel: [ 260.191675] type=1400
audit(1345617640.799:151): avc: denied { execmem } for pid=3214
comm="kwin_opengl_tes" scontext=unconfined_u:unconfined_r:unconfined_t
tcontext=unconfined_u:unconfined_r:unconfined_t tclass=process
Aug 22 08:40:44 dell-studio kernel: [ 263.474683] type=1400
audit(1345617644.082:152): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:57 dell-studio kernel: [ 276.731494] type=1400
audit(1345617657.339:162): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:40:57 dell-studio kernel: [ 276.733813] type=1400
audit(1345617657.341:163): avc: denied { execute } for pid=3284
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:57 dell-studio kernel: [ 276.736414] type=1400
audit(1345617657.344:164): avc: denied { execute } for pid=3286
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:57 dell-studio kernel: [ 276.738821] type=1400
audit(1345617657.346:165): avc: denied { execute } for pid=3288
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:57 dell-studio kernel: [ 276.741286] type=1400
audit(1345617657.349:166): avc: denied { execute } for pid=3290
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:57 dell-studio kernel: [ 276.743700] type=1400
audit(1345617657.351:167): avc: denied { execute } for pid=3292
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:57 dell-studio kernel: [ 276.745985] type=1400
audit(1345617657.353:168): avc: denied { execute } for pid=3294
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:58 dell-studio kernel: [ 277.491022] type=1400
audit(1345617658.099:169): avc: denied { execute } for pid=3309
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:58 dell-studio kernel: [ 277.493490] type=1400
audit(1345617658.101:170): avc: denied { execute } for pid=3311
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:40:58 dell-studio kernel: [ 277.495741] type=1400
audit(1345617658.103:171): avc: denied { execute } for pid=3313
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:03 dell-studio kernel: [ 283.169479] type=1400
audit(1345617663.776:178): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:41:03 dell-studio kernel: [ 283.171841] type=1400
audit(1345617663.778:179): avc: denied { execute } for pid=3343
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:03 dell-studio kernel: [ 283.174291] type=1400
audit(1345617663.781:180): avc: denied { execute } for pid=3345
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:03 dell-studio kernel: [ 283.176853] type=1400
audit(1345617663.783:181): avc: denied { execute } for pid=3347
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:03 dell-studio kernel: [ 283.179307] type=1400
audit(1345617663.786:182): avc: denied { execute } for pid=3349
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:04 dell-studio kernel: [ 283.549112] type=1400
audit(1345617664.156:183): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:41:04 dell-studio kernel: [ 283.880610] type=1400
audit(1345617664.487:184): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:41:06 dell-studio kernel: [ 285.409187] type=1400
audit(1345617666.016:185): avc: denied { execute } for pid=3391
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:06 dell-studio kernel: [ 285.412221] type=1400
audit(1345617666.019:186): avc: denied { execute } for pid=3393
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:06 dell-studio kernel: [ 285.415310] type=1400
audit(1345617666.022:187): avc: denied { execute } for pid=3396
comm="dbus-daemon-lau" name="udisks-daemon" dev="sda5" ino=939378
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:41:08 dell-studio kernel: [ 288.179455] type=1400
audit(1345617668.786:219): avc: denied { execute } for pid=3516
comm="dbus-daemon-lau" name="polkitd" dev="sda5" ino=922900
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:policykit_exec_t tclass=file
Aug 22 08:41:37 dell-studio kernel: [ 317.293037] type=1400
audit(1345617697.900:220): avc: denied { getattr } for pid=2010
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:41:37 dell-studio kernel: [ 317.296511] type=1400
audit(1345617697.904:221): avc: denied { search } for pid=3666
comm="udev-acl.ck" name="ConsoleKit" dev="tmpfs" ino=4632
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 22 08:41:37 dell-studio kernel: [ 317.296674] type=1400
audit(1345617697.904:222): avc: denied { read } for pid=3666
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Aug 22 08:41:37 dell-studio kernel: [ 317.296710] type=1400
audit(1345617697.904:223): avc: denied { read } for pid=3666
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=1427
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
Then I tried to start powerdevil in kde systemsettings and these were
the denials:
Aug 22 08:47:14 dell-studio kernel: [ 653.535413] type=1400
audit(1345618034.143:239): avc: denied { execute } for pid=5378
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.538755] type=1400
audit(1345618034.146:240): avc: denied { execute } for pid=5380
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.542123] type=1400
audit(1345618034.150:241): avc: denied { execute } for pid=5382
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.545562] type=1400
audit(1345618034.153:242): avc: denied { execute } for pid=5385
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.550155] type=1400
audit(1345618034.158:243): avc: denied { execute } for pid=5387
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.553430] type=1400
audit(1345618034.161:244): avc: denied { execute } for pid=5389
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:14 dell-studio kernel: [ 653.680410] type=1400
audit(1345618034.288:245): avc: denied { search } for pid=1980
comm="dbus-daemon" name="console" dev="tmpfs" ino=6314
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
Aug 22 08:47:14 dell-studio kernel: [ 653.683357] type=1400
audit(1345618034.291:246): avc: denied { execute } for pid=5393
comm="dbus-daemon-lau" name="polkitd" dev="sda5" ino=922900
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:policykit_exec_t tclass=file
Aug 22 08:47:16 dell-studio kernel: [ 655.718026] type=1400
audit(1345618036.325:247): avc: denied { execute } for pid=5407
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 22 08:47:16 dell-studio kernel: [ 655.724292] type=1400
audit(1345618036.332:248): avc: denied { execute } for pid=5409
comm="dbus-daemon-lau" name="upowerd" dev="sda5" ino=939375
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:bin_t tclass=file
About the su question, before and after logging in su the context is
unconfined_u:unconfined_r:unconfined_t, while the denials are:
Aug 22 08:43:53 dell-studio kernel: [ 452.789311] type=1400
audit(1345617833.396:228): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:43:53 dell-studio kernel: [ 452.789325] type=1400
audit(1345617833.396:229): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:43:55 dell-studio kernel: [ 454.789483] type=1400
audit(1345617835.396:230): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:43:57 dell-studio kernel: [ 456.789663] type=1400
audit(1345617837.397:231): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:43:59 dell-studio kernel: [ 458.789842] type=1400
audit(1345617839.397:232): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:01 dell-studio kernel: [ 460.790069] type=1400
audit(1345617841.398:233): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:03 dell-studio kernel: [ 462.790251] type=1400
audit(1345617843.398:234): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:05 dell-studio kernel: [ 464.790430] type=1400
audit(1345617845.398:235): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:07 dell-studio kernel: [ 466.790614] type=1400
audit(1345617847.398:236): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:09 dell-studio kernel: [ 468.790797] type=1400
audit(1345617849.398:237): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 22 08:44:11 dell-studio kernel: [ 470.791079] type=1400
audit(1345617851.399:238): avc: denied { search } for pid=4358
comm="xauth" name="root" dev="sda5" ino=1308163
scontext=unconfined_u:unconfined_r:xauth_t
tcontext=system_u:object_r:default_t tclass=dir
Of course, as I wrote in the past email the sda5 who the denials are
complaining about is my / (ext4) partition.
Thank you again.
On 21/08/2012 20:03, Sven Vermeulen wrote:
> On Tue, Aug 21, 2012 at 09:14:39AM +0200, [email protected] wrote:
>> Hello to all the list. I need your help to understand what's wrong here.
>> I tried to convert my laptop to a selinux profile (targeted) several
>> times following the documentation step by step.
> Hi F.P.
>
> First of all, thanks for trying the SELinux stuff out. I'm pretty sure we
> can help you further and fix things so that others don't get the same
> problems.
>
>> 1) it seems like some part of hardware can't be revealed in enforcing
>> mode: Pulseaudio can't see the soundcard, powerdevil can't see power
>> statistics, newly atttached usb drives are ingored. Obviously
>> selinux-consolekit, selinux-policykit and selinux-dbus are installed.
> It is best to look at the AVC denials that come up when you launch
> pulseaudio, powerdevel etc. one by one. Providing all possible denials will
> make it much more difficult to fine-tune the problems.
>
> What I usually do to debug issues is to do:
>
> ~# tail -f /var/log/avc.log
>
> Then perform one activity (1) that doesn't work. For instance, try to play
> an MP3/OGG file which fails. Then look at the denials that came up right
> when you did that action.
>
>> 3) Logging in root with su or kdesu (in X environment) takes too long:
>> if the password I write is ok, it takes even some minute to give me the
>> root shell.
> Here too looking at the AVC denials that come up right then would be
> interesting. However, in this case it is best to also provide the output of
> "id -Z" right before you switch root, and right after.
>
> Wkr,
> Sven Vermeulen
>
