Bug 468419

Summary: avc denied dbus-daemon search xdm_tmp_t
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: kdebase
Assignee: Than Ngo <than>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: dwalsh, jkubin, jreznik, kevin, lorenzo, ltinkl, mgrepl, rdieter, than, tuxbrewr
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2008-10-29 17:54:53 UTC

Description Orion Poplawski 2008-10-24 17:05:59 UTC
Description of problem:

Latest rawhide, running kdm, these appear about when kdm starts:

Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:4): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:5): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-5.fc10.noarch


# ps -fe | grep dbus
dbus      1663     1  0 09:49 ?        00:00:00 dbus-daemon --system
root      2190     1  0 09:49 ?        00:00:00 dbus-launch --autolaunch ecd0c85db05b6c4cfb26d3cb4900b86a --binary-syntax --close-stderr
root      2191     1  0 09:49 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
orion     2258     1  0 09:49 ?        00:00:00 dbus-launch --sh-syntax --exit-with-session
orion     2260     1  0 09:49 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 6 --print-address 8 --session
root      3982     1  0 10:15 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      4158     1  0 10:15 ?        00:00:00 dbus-launch --autolaunch ecd0c85db05b6c4cfb26d3cb4900b86a --binary-syntax --close-stderr
root      4159     1  0 10:15 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
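
For triaging records like the two in this description, the following added example (not part of the original report and not a Fedora or SELinux tool) parses kernel AVC lines and groups identical denials by source type, target type, class, permission, command and inode. The function names are hypothetical; the sample input is the report's own two records.

```python
import re
from collections import Counter

# The two kernel audit records quoted in this bug's description.
SAMPLE = """\
Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:4): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:5): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
"""

# audit(<epoch>:<serial>): avc:  denied  { perms } for  key=value ...
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<verdict>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec.update(ts=float(m.group("ts")), serial=int(m.group("serial")),
               verdict=m.group("verdict"), perms=tuple(m.group("perms").split()))
    return rec

def se_type(context):
    """Extract the type from user:role:type:level (the MLS level may itself contain ':')."""
    return context.split(":", 3)[2]

def summarize(text):
    """Count denials that share source type, target type, class, perms, comm and inode."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            counts[(se_type(rec["scontext"]), se_type(rec["tcontext"]),
                    rec["tclass"], rec["perms"], rec["comm"], rec["ino"])] += 1
    return counts

if __name__ == "__main__":
    for (src, tgt, cls, perms, comm, ino), n in summarize(SAMPLE).items():
        print(f"{n}x {comm}: {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} ino={ino}")
```

On the sample, both records collapse into a single denial: `dbus-daemon` in `xdm_dbusd_t` searching one `xdm_tmp_t` directory on tmpfs.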

Comment 1 Daniel Walsh 2008-10-29 17:35:01 UTC
Strange.  This looks like dbus might be started while the current working directory is in /tmp/kde?

Or something like that.

Do you notice any failures?

I have no idea why dbus would want to search this directory unless it was where dbus was started from.

Reassigning to kdebase; dbus should not be started from the tmp directory. If it is not, please reassign back along with a suggestion of what is going on here.  :^)

Comment 2 Orion Poplawski 2008-10-29 17:54:53 UTC
I'm no longer seeing this with:

selinux-policy-3.5.13-8.fc10.noarch
kdebase-4.1.2-5.fc10.x86_64
kdebase-workspace-4.1.2-7.fc10.x86_64