Bug 280561

Summary: dbus: Can't send to audit system
Product: Red Hat Enterprise Linux 5 Reporter: Martin Poole <mpoole>
Component: dbusAssignee: David Zeuthen <davidz>
Status: CLOSED DUPLICATE QA Contact: desktop-bugs <desktop-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: dwalsh, mclasen, reg.bugs, rkhadgar, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-15 19:39:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Poole 2007-09-06 14:13:33 UTC 
+++ This bug was initially created as a clone of Bug #237289 +++

+++ This bug was initially created as a clone of Bug #221168 +++

Description of problem:
Whenever I update my 'local' policy using 'semodule -i local.pp', I get the
following error in my syslog:

dbus: Can't send to audit system: USER_AVC avc:  received policyload notice
(seqno=5) : exe="/bin/dbus-daemon" (sauid=505, hostname=?, addr=?, terminal=?)

-- Additional comment from bugzilla on 2007-03-18 09:26 EST --
Is this going to be fixed?????

-- Additional comment from bugzilla on 2007-03-27 20:33 EST --
Still haven't heard anything on this whether or not it is meaningful and whether
or not it will be fixed...

-- Additional comment from dwalsh on 2007-03-28 16:19 EST --
This seems to be an audit problem.  Audit messages are not being allowed to be
sent if your uid is not 0.

-- Additional comment from dwalsh on 2007-04-02 13:57 EST --
Created an attachment (id=151452)
Start SELinux thread after setuid call.


-- Additional comment from dwalsh on 2007-04-02 14:00 EST --
Capabilities do not seem to be set cross threads. So if you setuid and retain
certain capabilities after thread creation.  The other threads will not get the
capability.  Moving the creation of the thread after the setuid/capset calls.
gives all threads the capability and the dbus code works.

This patch should be applied to RHEL5/FC6/and devel

-- Additional comment from bugzilla on 2007-04-11 13:11 EST --
Has the patch been applied yet?

-- Additional comment from davidz on 2007-04-12 15:15 EST --
Applied.

-- Additional comment from bugzilla on 2007-04-13 03:53 EST --
I have a fully updated FC6 system and still get the same errors when doing a
'setenforce' operation.

Is a reboot or other service restart required to fix this problem?

-- Additional comment from dwalsh on 2007-04-13 09:44 EST --
You need to restart dbus for this to take effect.  The best way to do this is to
reboot, since restarting the messagebus will cause certain desktop apps to blow up.

-- Additional comment from bugzilla on 2007-04-14 23:44 EST --
I still am getting the errors. Is this only patched in rawhide or will it be
backported to FC6?

-- Additional comment from sgrubb on 2007-04-15 08:46 EST --
I am pretty sure its built only for rawhide at this point. But if the problem is
also in FC6, it should be built there too. The patch is not terribly invasive.

-- Additional comment from bugzilla on 2007-04-18 18:40 EST --
Would be great to see it fixed in FC6 since I noticed and reported this bug back
in January on my FC6 system (I am the original bug poster to this thread so I am
assuming we are talking about the same thing :)

Thanks

-- Additional comment from davidz on 2007-04-22 20:52 EST --
dbus-1.0.1-12.fc6 should appear in updates-testing for FC6 when the someone from
RelEng pushes it - please test this and let me know if the fix works. Thanks.

-- Additional comment from updates on 2007-04-24 16:44 EST --
dbus-1.0.1-12.fc6 has been pushed for fc6, which should resolve this issue.  If
these problems are still present in this version, then please make note of it in
this bug report.

-- Additional comment from updates on 2007-04-30 18:11 EST --
dbus-1.0.1-12.fc6 has been pushed for fc6, which should resolve this issue.  If
these problems are still present in this version, then please make note of it in
this bug report.
Comment 1 Daniel Walsh 2007-09-24 18:43:49 UTC 
There is a fix in rawhide that would fix this problem.  Just move the audit-init
to the place where the capabilities are being preserved.  Otherwise the code
will use syslog.
Comment 2 RHEL Program Management 2007-12-03 20:46:03 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release.  This request will
be reviewed for a future Red Hat Enterprise Linux release.
Comment 3 Daniel Walsh 2008-04-15 14:05:45 UTC 
turns out this is far more serious,  Currently in RHEL5 dbus can not send audit
messages at all.
Comment 4 Daniel Walsh 2008-04-15 19:39:53 UTC 

*** This bug has been marked as a duplicate of 439810 ***