Bug 171652

Summary: dbus fails to start due permission denied opening a socket
Product: [Fedora] Fedora Reporter: Brian G. Anderson <bikehead>
Component: selinux-policy-targetedAssignee: Russell Coker <rcoker>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: johnp
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.27.2-2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-22 03:21:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brian G. Anderson 2005-10-24 19:42:17 UTC 
Description of problem:
dbus fails to start with the following message:
   dbus-daemon: Can't send to audit system: USER_AVC pid=1979 uid=0 loginuid=-1
   message=avc: can't open netlink socket: 13 (Permission denied)

dbus not starting causes NetworkManager to fail.

In order for the sytem to boot I have to add enforcing=0 to boot line.


Version-Release number of selected component (if applicable):
0.50

How reproducible:
Always without 


Steps to Reproduce:
1. boot system
2.
3.
  
Actual results:
dbus stops with permission denied


Expected results:
dbus should start


Additional info:
Comment 1 John (J5) Palmieri 2005-10-24 19:54:43 UTC 
This looks like an SELinux configuration issue.  What policy are you running?
Comment 2 Brian G. Anderson 2005-10-24 20:44:01 UTC 
selinux-policy-targeted 1.27.2-1

audit2why tells me this:

type=AVC msg=audit(1130179827.147:154): avc:  denied  { read } for  pid=1980
comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:system_r:system_dbusd_t:s0 tclass=netlink_selinux_socket
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check
boolean settings.
                You can see the necessary allow rules by running audit2allow
with this audit message as input.
Comment 3 Daniel Walsh 2005-10-24 21:45:22 UTC 
FIxed in selinux-policy-targeted-1.27.2-1
Comment 4 Brian G. Anderson 2005-10-24 22:33:48 UTC 
But if you look at my last comment:  my machine is already at 1.27.2-1
Comment 5 Daniel Walsh 2005-10-25 17:05:30 UTC 
should have been selinux-policy-targeted-1.27.2-2