Bug 1030654
| Summary: | SELinux is preventing /usr/bin/dbus-daemon from 'bind' accesses on the netlink_selinux_socket . | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Kamil Páral <kparal> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:e6339e25a3d0320c047d77a90e85198a7cebde4b71c5f8466743ef9ffd1aaf86 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-11-26 09:43:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is allowed in F20. $ sesearch -A -s xdm_t -t xdm_t -c netlink_selinux_socket
Found 1 semantic av rules:
allow xdm_t xdm_t : netlink_selinux_socket { ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown } ;
$ rpm -q selinux-policy
selinux-policy-3.12.1-74.13.fc19.noarch
It's also allowed in F19.
|
Description of problem: No idea how this happened. SELinux is preventing /usr/bin/dbus-daemon from 'bind' accesses on the netlink_selinux_socket . ***** Plugin catchall (100. confidence) suggests *************************** If you believe that dbus-daemon should be allowed bind access on the netlink_selinux_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects [ netlink_selinux_socket ] Source dbus-daemon Source Path /usr/bin/dbus-daemon Port <Neznámé> Host (removed) Source RPM Packages dbus-1.6.12-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.12.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.11.7-200.fc19.x86_64 #1 SMP Mon Nov 4 14:09:03 UTC 2013 x86_64 x86_64 Alert Count 3 First Seen 2013-11-10 10:45:05 CET Last Seen 2013-11-14 21:37:19 CET Local ID d0109cb2-5443-4feb-8070-5751e523b48f Raw Audit Messages type=AVC msg=audit(1384461439.29:592): avc: denied { bind } for pid=27121 comm="dbus-daemon" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket type=SYSCALL msg=audit(1384461439.29:592): arch=x86_64 syscall=bind success=yes exit=0 a0=5 a1=7fffa890b000 a2=c a3=7fffa890adc0 items=0 ppid=1 pid=27121 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 ses=4294967295 tty=(none) comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) Hash: dbus-daemon,xdm_t,xdm_t,netlink_selinux_socket,bind Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.7-200.fc19.x86_64 type: libreport Potential duplicate: bug 989788