-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-9.6
-
None
-
selinux-policy-38.1.63-1.el9
-
No
-
Low
-
1
-
rhel-security-selinux
-
24
-
1
-
QE ack
-
False
-
False
-
-
No
-
SELINUX 250806: 10
-
-
Pass
-
Automated
-
Release Note Not Required
-
Unspecified
-
Unspecified
-
Unspecified
-
None
Since updating to RHEL 9.6 I get this error everytime un/plugging the power cable on my RHEL laptop:
type=AVC msg=audit(1751014949.784:1216): avc: denied ( write ) for pid=1283 comm="power-profiles-" name="energy_performance_preference" dev="sysfs" ino=19587 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
sealert output below.
SELinux is preventing /usr/libexec/power-profiles-daemon from write access on the file /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference.
... Plugin catchall (100. confidence) suggests ...
If you believe that power-profiles-daemon should be allowed write access on the energy_performance_preference file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'power-profiles-' --raw | audit2allow -M my-powerprofiles
# semodule -X 300 -i my-powerprofiles.pp
Additional Information:
Source Context system_u:system_r:powerprofiles_t:s0
Target Context system_u:object_r:sysfs_t:s0
Target Objects /sys/devices/system/cpu/cpufreq/policy6/energy_per
formance_preference [ file ]
Source power-profiles-
Source Path /usr/libexec/power-profiles-daemon
Port <Unknown>
Host localhost
Source RPM Packages power-profiles-daemon-0.21-1.el9.x86_64
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-38.1.53-5.el9_6.noarch
Local Policy RPM selinux-policy-targeted-38.1.53-5.el9_6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost
Platform Linux localhost 5.14.0-570.23.1.el9_6.x86_64 #1 SMP
PREEMPT_DYNAMIC Sat Jun 14 13:10:47 EDT 2025
x86_64 x86_64
Alert Count 16
First Seen 2025-06-26 08:31:00 EEST
Last Seen 2025-06-27 12:02:29 EEST
Local ID fd03af6d-b0b4-4010-a329-f4bd3973e9e0
Raw Audit Messages
type=AVC msg=audit(1751014949.784:1216): avc: denied ( write ) for pid=1283 comm="power-profiles-" name="energy_performance_preference" dev="sysfs" ino=19587 scontext=system_u:system_r:powerprofiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1751014949.784:1216): arch=x86_64 syscall=openat success=yes exit=ELIBMAX a0=ffffff9c a1=562ddf790590 a2=101201 a3=0 items=1 ppid=1 pid=1283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=power-profiles- exe=/usr/libexec/power-profiles-daemon subj=system_u:system_r:powerprofiles_t:s0 key=(null)
type=CWD msg=audit(1751014949.784:1216): cwd=/
type=PATH msg=audit(1751014949.784:1216): item=0 name=/sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference inode=19587 dev=00:15 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:sysfs_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
Hash: power-profiles-,powerprofiles_t,sysfs_t,file,write
Thanks.
- is duplicated by
-
-
- Closed
-
- links to
-
RHBA-2025:148008
selinux-policy bug fix and enhancement update