Bug 2170059

Summary: Ensure dbus communication is allowed bidirectionally
Product: [Fedora] Fedora
Component: selinux-policy
Version: 39
Status: NEW
Severity: medium
Priority: medium
Hardware: Unspecified
OS: Unspecified
Type: Bug
Keywords: Triaged
Reporter: Zdenek Pytela <zpytela>
Assignee: Zdenek Pytela <zpytela>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dwalsh, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela

Description Zdenek Pytela 2023-02-15 14:45:31 UTC
There are rules in the policy which allow dbus communication only in one way while both directions should be allowed.

This bug was initially created as a copy of Bug #2154245

I am copying this bug because: 



Description of problem:

RPM scriptlets (rpm_script_t) can execute hostnamectl, but systemd-hostnamed is not able to reply:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# sesearch -A -s rpm_script_t -c dbus -t systemd_hostnamed_t
allow dbusd_unconfined nsswitch_domain:dbus send_msg;
allow dbusd_unconfined systemd_hostnamed_t:dbus send_msg;

# sesearch -A -t rpm_script_t -c dbus -s systemd_hostnamed_t
--> nothing
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Please make sure that every DBus message sender can get replies; it's very likely that such an issue applies to other system components.

Version-Release number of selected component (if applicable):

selinux-policy-3.14.3-108.el8.noarch

How reproducible:

Always
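
An added example (not part of the original report or of selinux-policy): one way to audit for the asymmetry described above, by expanding attributes in `sesearch -A -c dbus` output and listing sender/receiver pairs where `send_msg` is allowed in only one direction. The attribute membership map and the `example_*_t` types are constructed for illustration.

```python
import re
from itertools import product

# Constructed sample: the two rules quoted in the report, plus a constructed
# symmetric pair (the example_*_t types are hypothetical) for contrast.
SESEARCH_OUTPUT = """\
allow dbusd_unconfined nsswitch_domain:dbus send_msg;
allow dbusd_unconfined systemd_hostnamed_t:dbus send_msg;
allow example_client_t example_daemon_t:dbus send_msg;
allow example_daemon_t example_client_t:dbus send_msg;
"""

# Constructed attribute membership, limited to the types named in the report.
# On a real system the full member list comes from `seinfo -a <attribute> -x`.
ATTRIBUTES = {
    "dbusd_unconfined": {"rpm_script_t"},
    "nsswitch_domain": {"systemd_hostnamed_t"},
}

# Matches "allow SRC TGT:dbus perm;" and "allow SRC TGT:dbus { perm perm };"
RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):dbus\s+(?:\{([^}]*)\}|([^\s;]+))\s*;")


def expand(name, attributes):
    """Return the member types of an attribute, or the type itself."""
    return attributes.get(name, {name})


def send_msg_edges(text, attributes):
    """Build the set of (sender, receiver) type pairs allowed dbus send_msg."""
    edges = set()
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        perms = (m.group(3) or m.group(4)).split()
        if "send_msg" not in perms:
            continue
        sources = expand(m.group(1), attributes)
        targets = expand(m.group(2), attributes)
        edges.update(product(sources, targets))
    return edges


def one_way(edges):
    """Pairs where the sender may send but the receiver may not reply."""
    return sorted((s, t) for s, t in edges if s != t and (t, s) not in edges)


if __name__ == "__main__":
    for src, tgt in one_way(send_msg_edges(SESEARCH_OUTPUT, ATTRIBUTES)):
        print(f"{src} -> {tgt}: send_msg allowed, reply direction missing")
```
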

Comment 1 Fedora Release Engineering 2023-08-16 08:08:48 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.