Bug 1112387
Summary: | [abrt] initial-setup: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, ... | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Paul Whalen <pwhalen> | ||||||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||||
Severity: | unspecified | Docs Contact: | |||||||||
Priority: | unspecified | ||||||||||
Version: | 21 | CC: | awilliam, dominick.grift, dwalsh, jones.peter.busi, lvrabec, mgrepl, mkolman, pbrobinson, pwhalen, robatino, vpodzime | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | armv7l | ||||||||||
OS: | Unspecified | ||||||||||
URL: | https://retrace.fedoraproject.org/faf/reports/bthash/d9d5d5e229ff11111c30e5af8387ca1c8e96204c | ||||||||||
Whiteboard: | abrt_hash:0b59b9ff6889ecc663cf7206ca4d14f2423a9efb AcceptedBlocker | ||||||||||
Fixed In Version: | selinux-policy-3.13.1-78.fc21 | Doc Type: | Bug Fix | ||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2014-09-10 02:45:38 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | |||||||||||
Bug Blocks: | 245418, 1043119 | ||||||||||
Attachments: |
|
Description
Paul Whalen
2014-06-23 19:59:49 UTC
Created attachment 911573 [details]
File: backtrace
Created attachment 911574 [details]
File: dso_list
Created attachment 911575 [details]
File: environ
Looks like another bug/missing piece in selinux-policy. Reassigning. Did you get any AVC messages? Sorry for the delay, below are avc's seen when attempting to restart initial-setup-graphical type=USER_AVC msg=audit(1409071225.085:414): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=error error_name=org.freedesktop.login1.NoSessionForPID dest=:1.23 spid=521 tpid=1163 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1409071247.896:415): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.24 spid=624 tpid=1184 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1409071272.926:416): pid=523 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.24 spid=624 tpid=1184 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=SERVICE_START msg=audit(1409071301.472:417): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1409071301.472:418): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' What does # ps -efZ | grep unconfined_service_t [root@wandq ~]# ps -efZ | grep unconfined_service_t system_u:system_r:unconfined_service_t:s0 root 545 1 0 09:37 ? 00:00:00 /bin/xinit /bin/firstboot-windowmanager /bin/initial-setup -- /bin/Xorg :9 -ac -nolistenp system_u:system_r:unconfined_service_t:s0 root 558 545 1 09:37 tty2 00:00:00 /usr/libexec/Xorg.bin :9 -ac -nolisten tcp system_u:system_r:unconfined_service_t:s0 root 581 545 0 09:37 ? 00:00:00 /bin/sh /bin/firstboot-windowmanager /bin/initial-setup system_u:system_r:unconfined_service_t:s0 root 596 581 0 09:37 ? 00:00:00 /usr/bin/xfwm4 system_u:system_r:unconfined_service_t:s0 root 602 581 0 09:37 ? 00:00:00 /bin/sh /bin/initial-setup system_u:system_r:unconfined_service_t:s0 root 607 602 33 09:37 ? 00:00:24 python -m initial_setup system_u:system_r:unconfined_service_t:s0 root 654 1 0 09:37 ? 00:00:00 /bin/dbus-launch --autolaunch 117888b86b634f70846aeab356fe1690 --binary-syntax --close-sr system_u:system_r:unconfined_service_t:s0 root 662 1 0 09:37 ? 00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session system_u:system_r:unconfined_service_t:s0 root 667 1 0 09:37 ? 00:00:00 /usr/lib/xfce4/xfconf/xfconfd system_u:system_r:unconfined_service_t:s0 root 1013 1 0 09:37 ? 00:00:00 /usr/libexec/at-spi-bus-launcher system_u:system_r:unconfined_service_t:s0 root 1017 1013 0 09:37 ? 00:00:00 /bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-address 3 system_u:system_r:unconfined_service_t:s0 root 1021 1 0 09:37 ? 00:00:00 /usr/libexec/at-spi2-registryd --use-gnome-session unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1063 1041 0 09:38 ttymxc0 00:00:00 grep --color=auto unconfined_service_t Release Criteria - Expected image boot behavior: Release-blocking ARM disk images must boot to the initial-setup utility. Discussed at 2014-08-27 blocker review meeting: http://meetbot.fedoraproject.org/fedora-blocker-review/2014-08-27/f21-blocker-review.2014-08-27-15.59.log.txt . Accepted as a release blocker per criterion "Expected image boot behavior ... Release-blocking ARM disk images must boot to the initial-setup utility." , https://fedoraproject.org/wiki/Fedora_21_Alpha_Release_Criteria#Expected_image_boot_behavior So does it talk to system_u:system_r:unconfined_service_t:s0 root 581 545 0 09:37 ? 00:00:00 /bin/sh /bin/firstboot-windowmanager /bin/initial-setup I guess so. commit 4a4e7e79d480851a212ebf5f583c95b239440cb9 Author: Miroslav Grepl <mgrepl> Date: Thu Aug 28 15:24:37 2014 +0200 Labeli initial-setup as install_exec_t. selinux-policy-3.13.1-77.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-77.fc21 Package selinux-policy-3.13.1-77.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-77.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-9873/selinux-policy-3.13.1-77.fc21 then log in and leave karma (feedback). Installed and relabeled, doesn't appear to have resolved the issue, avcs below: type=USER_AVC msg=audit(1409249826.957:383): pid=646 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1409249851.983:384): pid=646 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' type=SERVICE_START msg=audit(1409249881.119:385): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1409249881.119:386): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 33e4e46c9b3262601a3c1e35ab649451904d982a 20452f33ae53d0840c11bd912779a0d6a115b409 I have just added to git the ability to dbus chat with all dbus system domains. Which will fix this issue. (In reply to Paul Whalen from comment #14) > Installed and relabeled, doesn't appear to have resolved the issue, avcs > below: > > type=USER_AVC msg=audit(1409249826.957:383): pid=646 uid=81 auid=4294967295 > ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 > spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 > tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus > exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' > type=USER_AVC msg=audit(1409249851.983:384): pid=646 uid=81 auid=4294967295 > ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 > spid=757 tpid=744 scontext=system_u:system_r:NetworkManager_t:s0 > tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dbus > exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' > type=SERVICE_START msg=audit(1409249881.119:385): pid=1 uid=0 > auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' > comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? > addr=? terminal=? res=success' > type=SERVICE_STOP msg=audit(1409249881.119:386): pid=1 uid=0 auid=4294967295 > ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' > comm="initial-setup-graphical" exe="/usr/lib/systemd/systemd" hostname=? > addr=? terminal=? res=success' Ok, this is with installed system. I am still interested in # ps -efZ |grep unconfined_service output with your upgraded system. selinux-policy-3.13.1-78.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-78.fc21 selinux-policy-3.13.1-78.fc21 fixes this on TC5. Many Thanks! selinux-policy-3.13.1-78.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |