Aad Rijnberg wrote:
On Friday 07 April 2006 14:48, Gerry Tool wrote:
Aad Rijnberg wrote:
Hello,
since a week I have installed FC5; everything works OK, but today I was
trying to upload some pictures on my digital camera via USB to the PC and
the connection could not be established. I suspect SELinux.
I use Digikam for photo management, and did auto detection of the camera
which succeeded to make the proper selection (Canon PowerShot 510 (normal
mode) ). This means that it can connect to the camera somehow. When I
then selected the camera (via Camera->Canon PowerShot 510 (normal mode))
to get a window with thumbnails it came up with a message :
"Failed to connect to camera. Please make sure its connected properly and
turned on. Would you like to try again?"
I looked in /var/log/messages, and came across the following line:
Apr 7 13:25:47 localhost kernel: audit(1144409147.815:368): avc: denied
{ search } for pid=2897 comm="cat" name="console" dev=dm-4 ino=393220
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:pam_var_console_t:s0 tclass=dir
Any suggestions?
Aad
Have you tried to use System > Administration > Security Level and
Firewall to set SELinux permissive?
I disabled it but initially it did not make a difference. After I rebooted, I
tried again, and then I could connect to the camera again. So this more or
less proves that it was due to SELinux settings.
I would like to use SELinux in Enforcing mode, and find a solution to the
problem. Does anybody have a clue on how to pursue?
If you booted with SELinux completely disabled, you'll need to relabel
your system when you next boot with SELinux enabled (put SELinux in
permissive mode for this). This may take a long time.
If you just did "setenforce 0" to temporarily turn off SELinux
enforcement to check whether a problem was SELinux-related, you wouldn't
need to do this.
To make changes to SELinux policy to fix this issue, you should:
* Put SELinux in permissive mode (setenforce 0)
* Note the exact time (date)
* Run your application (which should work since SELinux is in permissive
mode)
* Note the exact time again (date)
* Look in /var/log/messages for all "avc: denied" messages between the
two times you noted
* Follow the instructions at
http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow for
making and enabling a local SELinux policy module to allow the things
that were denied between the two times you noted
* Put SELinux back in enforcing mode (setenforce 1)
* Try running the program again. It should still work.
* If there is nothing "unusual" about what you are doing, you could post
a description of what you were doing, along with the generated .te
policy module that fixes it, to fedora-selinux-list. It might then get
included in the main policy and solve the problem for other people
before they come across it.
Paul.
