Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Access denied
2015-11-30 13:05
627 查看
装了fedora23后定时关机:sudo shutdown -h +60
弹出如下信息后立刻就关机了:
找到问题所在:
在/var/log/audit/audit.log中也找到相应信息:
那我们就使用audit2allow来生成相应模块来解决这个问题吧:
搞定,这样在当前目录下就生成了两个文件:mypol.pp mypol.te,看看:
#============= systemd_logind_t ==============
allow systemd_logind_t init_var_run_t:file create;
试验一下:
Bingo!这样以后晚上工作没完成时,就可以让我的电脑多加一下班啦 :)
弹出如下信息后立刻就关机了:
Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Access denied Google一下,问题出在selinux。看下日志:
journalctl | grep -i avc
找到问题所在:
Nov 26 12:26:57 RedBase audit[752]: AVC avc: denied { create } for pid=752 comm="systemd-logind" name=".#scheduledKNqxuo" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
在/var/log/audit/audit.log中也找到相应信息:
# sudo audit2why < /var/log/audit/audit.log
type=AVC msg=audit(1448512017.541:564): avc: denied { create } for pid=752 comm="systemd-logind" name=".#scheduledKNqxuo" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
那我们就使用audit2allow来生成相应模块来解决这个问题吧:
# cd /etc/selinux/targeted/policy # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # sudo semodule -i mypol.pp
搞定,这样在当前目录下就生成了两个文件:mypol.pp mypol.te,看看:
# vim mypol.te
#============= systemd_logind_t ==============
allow systemd_logind_t init_var_run_t:file create;
试验一下:
# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29 # shutdown -h +30 Shutdown scheduled for Mon 2015-11-30 13:31:26 CST, use 'shutdown -c' to cancel.
Bingo!这样以后晚上工作没完成时,就可以让我的电脑多加一下班啦 :)
相关文章推荐
- IMAGE INPAINTING
- 光纤网卡、HBA卡和RAID卡的区别
- 社交媒体中的谣言检测(A11, AAAI2015)
- Container With Most Water
- airodump-ng wlan0mon doesn't work
- RAID基本知识
- Contains Duplicate II
- ITerrainPolygon应用
- CombinedDomainXYPlot
- setContentView(R.layout.activity_main) Error解决方法 .
- Contains Duplicate
- 1090. Highest Price in Supply Chain
- opatch报错OPatch failed with error code 2
- 1079. Total Sales of Supply Chain (25)
- VS2012 error C2664: “std::make_pair”:无法将左值绑定到右值引用
- How much training data do you need?
- BZOJ4152: [AMPPZ2014]The Captain
- junit.framework.AssertionFailedError: No tests found in JUnit.test at junit junit.framework.Asserti
- Project Euler 90:Cube digit pairs 立方体数字对
- HDU 1839 Delay Constrained Maximum Capacity Path(二分+SPFA)