Bug 1044195 - SELinux is preventing /usr/bin/dbus-daemon (deleted) from 'entrypoint' accesses on the file /usr/libexec/at-spi2-registryd.
Summary: SELinux is preventing /usr/bin/dbus-daemon (deleted) from 'entrypoint' access...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 20
Hardware: i686
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:816a73c8086ecfa036be58cd988...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-17 21:51 UTC by BrollyLSSJ
Modified: 2014-11-21 12:49 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-11-21 12:49:07 UTC
Type: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description BrollyLSSJ 2013-12-17 21:51:38 UTC 
Description of problem:
I just upgraded from Fedora 19 to Fedora 20 via yum as fedup was not working. That also applies to the 5 other reports today a
SELinux is preventing /usr/bin/dbus-daemon (deleted) from 'entrypoint' accesses on the file /usr/libexec/at-spi2-registryd.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that dbus-daemon (deleted) should be allowed entrypoint access on the at-spi2-registryd file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:bin_t:s0
Target Objects                /usr/libexec/at-spi2-registryd [ file ]
Source                        dbus-daemon
Source Path                   /usr/bin/dbus-daemon (deleted)
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           at-spi2-core-2.8.0-3.fc19.i686
Policy RPM                    selinux-policy-3.12.1-74.13.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.11.8-200.fc19.i686.PAE #1 SMP
                              Wed Nov 13 16:44:46 UTC 2013 i686 i686
Alert Count                   1
First Seen                    2013-11-21 18:35:34 CET
Last Seen                     2013-11-21 18:35:34 CET
Local ID                      5f68b4f6-bbc0-4ed7-96fd-78255d407fec

Raw Audit Messages
type=AVC msg=audit(1385055334.94:3466): avc:  denied  { entrypoint } for  pid=20026 comm="dbus-daemon" path="/usr/libexec/at-spi2-registryd" dev="dm-1" ino=38088 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file


type=SYSCALL msg=audit(1385055334.94:3466): arch=i386 syscall=execve success=no exit=EACCES a0=b92fdb88 a1=b92fdcc8 a2=b92fd488 a3=b items=0 ppid=20025 pid=20026 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 ses=4294967295 tty=(none) comm=dbus-daemon exe=2F7573722F62696E2F646275732D6461656D6F6E202864656C6574656429 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)

Hash: dbus-daemon,xdm_t,bin_t,file,entrypoint

Additional info:
reporter:       libreport-2.1.9
hashmarkername: setroubleshoot
kernel:         3.11.10-301.fc20.i686+PAE
type:           libreport
Comment 1 Daniel Walsh 2013-12-19 20:41:34 UTC 
Did this just happen during update?
Note You need to log in before you can comment on or make changes to this bug.