Bug 171789

Summary: acpid can't send dbus signals
Product: [Fedora] Fedora Reporter: Matthew Saltzman <mjs>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4CC: djuran
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-05-05 15:03:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Saltzman 2005-10-26 14:27:19 UTC
Description of problem:
Recent versions of NetworkManager use dbus signals to control actions related to
suspend/resume (among others).

The suspend script runs without error when executed from the command line, but
produces these errors when invoked by pressing the suspend key.

On suspend, /var/log/debug reports:

    Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

On resume, /var/log/debug reports:

    Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

No messages appear in /var/log/audit/audit.log.


The relevant section of the suspend script is:

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.sleep

    sync
    echo -n "mem" > /sys/power/state

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.wake


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.1-2.7

How reproducible:
Always

Steps to Reproduce:
1. Run NetworkManager
2. Suspend via acpid (close lid or press sleep button)
3. Resume
  
Actual results:
As described above.  NM is confused if suspended and resumed in different
locations, attempts to connect to old WAP, which is no longer accessible. 

Expected results:
No errors.  NM takes actions specified for suspend/resume.  In particular, drops
memory of scanned netowrks on suspend and initiates fresh scan on resume.

Additional info:

Comment 1 Matthew Saltzman 2005-11-10 16:17:59 UTC
This seems to be working now as of selinux-policy-targeted-1.27.1-2.11.

Comment 2 Matthew Saltzman 2005-11-11 02:11:01 UTC
No, I was wrong.  I am seeing these messages with kernel-2.6.14-1.1637_FC4.

Comment 3 Daniel Walsh 2005-11-30 20:28:16 UTC
Looks like the fix is in selinux-policy-targeted-1.27.1-2.14, unless you are
seeing other AVC messages?

Comment 4 Matthew Saltzman 2005-12-02 21:18:45 UTC
Well, now that you mention it, I still have this in audit.log:

type=AVC msg=audit(1133557214.518:354): avc:  denied  { execute } for  pid=28915
comm="ifdown" name="functions" dev=dm-0 ino=16571
scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t
tclass=file

NetworkManager suspend/resume does seem to function, however.

Comment 5 Matthew Saltzman 2005-12-04 17:11:27 UTC
Not that it's unexpected, but I'm still seeing this with
selinux-policy-targeted-1.27.1-2.16.

Comment 7 Daniel Walsh 2006-05-05 15:03:20 UTC
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed