[refpolicy] bluetooth-applet not showing up in the panel

From: justinmattock@gmail.com (Justin P. Mattock)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] bluetooth-applet not showing up in the panel
Date: Tue, 04 Jan 2011 06:36:03 -0800	[thread overview]
Message-ID: <4D233053.7030508@gmail.com> (raw)
In-Reply-To: <4D232952.8020904@redhat.com>

On 01/04/2011 06:06 AM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/03/2011 08:29 PM, Justin P. Mattock wrote:
>> On 12/31/2010 02:28 AM, Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> On 12/28/2010 03:09 PM, Justin P. Mattock wrote:
>>>> On 12/28/2010 11:23 AM, Chris Richards wrote:
>>>>> On 12/28/2010 10:39 AM, Dominick Grift wrote:
>>>>>>> yeah nothing is showing up in the logs i.g.
>>>>>>> /var/log/Xorg,messages,user.log, etc...(no audit daemon running), and
>>>>>>> semodule -DB has already been done)
>>>>>> strange indeed becuase if it works in permissive mode but not in
>>>>>> enforcing mode then i would suspect its selinux preventing access. In
>>>>>> that case avc denials *should* be visible. either in dmesg ,
>>>>>> /var/log/messages /var/log/xorg.log /var/log/audit/audit.log etc.
>>>>> It might be instructive to see if there are any denials when running in
>>>>> permissive mode.  I've encountered situations in the past where no
>>>>> denials would be reported when running enforcing (even with semodule
>>>>> -DB, other than the expected dontaudits, of course), yet when
>>>>> running in
>>>>> permissive mode, there would be denials out the wazzoo, even with apps
>>>>> that were supposedly not selinux-aware.
>>>>>
>>>>> Later,
>>>>> Chris
>>>>> _______________________________________________
>>>>> refpolicy mailing list
>>>>> refpolicy at oss.tresys.com
>>>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>>>>
>>>>
>>>>
>>>> yeah those avc's can be little buggers if hidden away in some file
>>>> somewhere..I'll have a look again to make sure.. in the meantime
>>>> I am noticing in .xsession-errors in enforcing mode:
>>>>
>>>>
>>>>     cat .xsession-errors
>>>> /etc/gnome/gdm/Xsession: Beginning session setup...
>>>> /etc/gnome/gdm/Xsession: Setup done, will execute: /usr/bin/ssh-agent --
>>>> ck-launch-session /usr/bin/startfluxbox
>>>>
>>>> ** (bluetooth-applet:2786): WARNING **: Could not open RFKILL control
>>>> device, please verify your installation
>>>> GLib-GIO-Message: Using the 'memory' GSettings backend.  Your settings
>>>> will not be saved or shared with other applications.
>>>> tint2 : nb monitor 1, nb monitor used 1, nb desktop 4
>>>> tint2 : pixmap background detection failed
>>>> Error changing to home directory /root: Permission denied
>>>> Error changing to home directory /root: Permission denied
>>>> Error changing to home directory /root: Permission denied
>>>>
>>>>
>>>> the: Error changing to home directory /root: Permission denied
>>>> does not occur in permissive mode so maybe this is whats hitting and
>>>> causing the stuckage or something.. I'll need to look again at
>>>> everything to make sure I didnt forget a build flag or something
>>>>
>>>> Justin P. Mattock
>>>> _______________________________________________
>>>> refpolicy mailing list
>>>> refpolicy at oss.tresys.com
>>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>> Are you logging in as root via X?
>>
>>
>> no I dont think I was(under ps auxZ everything showed the proper user
>> from what I remembered(gdm))
>>
>> Keep in mind one thing I didnt mention(and didnt think was the cause)is
>> Im seeing pkexec showing up in dmesg.. I can supply the avc for that,
>> but might be a while due to having to compress that system and ready the
>> machine to be sold(no job, no money, no food etc...)
>>
>> I'll keep you updated with this, as soon as I connect the dots with
>> other things..
>>
>> Justin P. Mattock
>>
>>
> Well there is an open bug against gnome-power-manager launching
> gnome-screensaver when run from gdm.   But I would figure this would do
> some wierd stuff in gdm home dir not /root
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk0jKVEACgkQrlYvE4MpobMdUgCgtNrGaoa7JancnUhVJrJmi33i
> 8R0AnA9EMUqcBEQ4mIgGEFUBaqr/ssmR
> =oRBV
> -----END PGP SIGNATURE-----
>

yeah that's what's getting me on this, is the pkexec is something to do 
with the backlight dimmer helper thing(loading nouvea revealed this one)

strange thing with the bluetooth-applet is after waking up from suspend 
the applet will show right up in the dock with nm-applet/gnome-power
like nothing ever happened.

in regards to the policy, my build.conf looks like this:

TYPE = mcs
NAME = refpolicy
UNK_PERMS = deny
DIRECT_INITRC = n
MONOLITHIC = n
UBAC = y
MLS_SENS = 16
MLS_CATS = 256
MCS_CATS = 256
QUIET = n

only thing not used with this system is the DISTRO switch since it is a 
custom clfs build.

Justin P. Mattock