装了fedora23后定时关机:sudo shutdown -h +60
弹出如下信息后立刻就关机了:
Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Access denied
Google一下,问题出在selinux。看下日志:
journalctl | grep -i avc
找到问题所在:
Nov 26 12:26:57 RedBase audit[752]: AVC avc: denied { create } for pid=752 comm="systemd-logind" name=".#scheduledKNqxuo" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0
在/var/log/audit/audit.log中也找到相应信息:
# sudo audit2why < /var/log/audit/audit.log
type=AVC msg=audit(1448512017.541:564): avc: denied { create } for pid=752 comm="systemd-logind" name=".#scheduledKNqxuo" scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:init_var_run_t:s0 tclass=file permissive=0 Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access.
那我们就使用audit2allow来生成相应模块来解决这个问题吧:
# cd /etc/selinux/targeted/policy # grep systemd-logind /var/log/audit/audit.log | audit2allow -M mypol # sudo semodule -i mypol.pp
搞定,这样在当前目录下就生成了两个文件:mypol.pp mypol.te,看看:
# vim mypol.te
#============= systemd_logind_t ==============
allow systemd_logind_t init_var_run_t:file create;
试验一下:
# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29 # shutdown -h +30 Shutdown scheduled for Mon 2015-11-30 13:31:26 CST, use 'shutdown -c' to cancel.
Bingo!这样以后晚上工作没完成时,就可以让我的电脑多加一下班啦 :)