Bug 1160508 - SELinux is preventing ibus-x11 from 'connectto' accesses on the unix_stream_socket @/tmp/dbus-23MRaeN85Y.
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: ibus
Version: 21
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: fujiwara
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:0b3e1dd4fca75cb3d20173068ce...
Depends On:
Blocks:
Reported: 2014-11-05 03:57 UTC by Leslie Satenstein
Modified: 2016-10-01 10:58 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-03-10 04:17:14 UTC
Type: ---
Embargoed:


Description Leslie Satenstein 2014-11-05 03:57:42 UTC
Description of problem:
Selected onscreen keyboard (as part of testing)
1) The layout for the Canadian French keyboard is missing a key between the left shift key and the Z.
2) The on-screen keyboard does not have any of the special characters matching the layout of the Canadian French keyboard.
3) The Euro is shown on the on-screen keyboard, but is not present on the Canadian French keyboard (consensus is that the Euro should be sharing the E key and the yen the Y key).
4) I cannot enter accented characters.
5) The keyboard layout for Latam does not match the Latam layout.

Please refer to Wikipedia for (ISO) layouts.

By the way, prior to the GNOME new look (Fedora 18 and before), the layouts were correctly shown for Canada French and Latam.

Starting up the on-screen keyboard generated this error.  
SELinux is preventing ibus-x11 from 'connectto' accesses on the unix_stream_socket @/tmp/dbus-23MRaeN85Y.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that ibus-x11 should be allowed connectto access on the dbus-23MRaeN85Y unix_stream_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ibus-x11 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0
                              :c0.c1023
Target Objects                @/tmp/dbus-23MRaeN85Y [ unix_stream_socket ]
Source                        ibus-x11
Source Path                   ibus-x11
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-91.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.17.1-302.fc21.x86_64 #1 SMP Fri
                              Oct 17 20:05:46 UTC 2014 x86_64 x86_64
Alert Count                   1
First Seen                    2014-11-04 22:47:16 EST
Last Seen                     2014-11-04 22:47:16 EST
Local ID                      028c8e33-ed2c-4cb9-8893-935a2d24b6c8

Raw Audit Messages
type=AVC msg=audit(1415159236.93:504): avc:  denied  { connectto } for  pid=2586 comm="ibus-x11" path=002F746D702F646275732D32334D5261654E383559 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0


Hash: ibus-x11,xdm_t,unconfined_dbusd_t,unix_stream_socket,connectto

Version-Release number of selected component:
selinux-policy-3.13.1-91.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.1-302.fc21.x86_64
type:           libreport

Potential duplicate: bug 1054407
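
As an added example (not part of the original report, setroubleshoot, or ibus), this Python sketch parses the raw AVC record above, decodes its hex-encoded `path` field into the abstract socket name from the bug summary, and builds the allow rule implied by the denial's source type, target type, class and permission, so the scope of the suggested `audit2allow` workaround can be reviewed before a module is loaded. The function names are hypothetical.

```python
import re

# AVC record copied verbatim from the "Raw Audit Messages" section above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1415159236.93:504): avc:  denied  { connectto } for  '
    'pid=2586 comm="ibus-x11" path=002F746D702F646275732D32334D5261654E383559 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 '
    'tclass=unix_stream_socket permissive=0'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# String fields that auditd writes either quoted or hex-encoded; numeric
# fields such as pid must not be hex-decoded even when they look like hex.
ENCODED_FIELDS = {'path', 'name', 'comm', 'exe'}


def decode_audit_value(raw):
    """Return the readable form of a quoted or hex-encoded audit string."""
    if raw.startswith('"'):
        return raw.strip('"')
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        data = bytes.fromhex(raw)
        # A leading NUL byte marks an abstract-namespace UNIX socket ('@').
        prefix = '@' if data.startswith(b'\x00') else ''
        return prefix + data.lstrip(b'\x00').decode('utf-8', 'replace')
    return raw


def parse_avc(line):
    """Parse one AVC line into a dict, or return None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    avc = {k: decode_audit_value(v) if k in ENCODED_FIELDS else v
           for k, v in FIELD_RE.findall(m.group(3))}
    avc['result'], avc['perms'] = m.group(1), m.group(2).split()
    # The SELinux type is the third colon-separated part of a context.
    avc['stype'] = avc['scontext'].split(':')[2]
    avc['ttype'] = avc['tcontext'].split(':')[2]
    return avc


def te_rule(avc):
    """Build the allow rule implied by the denial, for review before loading."""
    perms = avc['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['stype']} {avc['ttype']}:{avc['tclass']} {p};"
```

`parse_avc(SAMPLE_AVC)['path']` gives the abstract socket name from the summary, and `te_rule` makes visible that the resulting rule is keyed on types: it covers `xdm_t` connecting to any `unconfined_dbusd_t` stream socket, not only this one socket.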

Comment 1 Lukas Vrabec 2014-12-11 16:38:26 UTC
Hi,
What is ibus-x11?

Comment 2 Leslie Satenstein 2014-12-22 19:01:18 UTC
What is iBus?

From what I can tell it’s an input framework that is probably some way of enabling easier non-English language input… Not sure though.

It’s a replacement candidate for SCIM, an input method primarily for Chinese, Korean, Japanese, … language users.

Comment 3 Pratik Kumar 2015-01-24 08:17:33 UTC
Description of problem:
It happened after startup

Version-Release number of selected component:
selinux-policy-3.13.1-99.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.4-301.fc21.x86_64
type:           libreport

Comment 4 servizioutentelgu 2015-02-22 10:50:53 UTC
Description of problem:
Perhaps after I installed some applications with yum. Even now, when I use yum, it returns errors. Or perhaps after I ran some updates. I hope this is helpful.

Version-Release number of selected component:
selinux-policy-3.13.1-105.3.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.18.7-200.fc21.x86_64
type:           libreport

Comment 5 Lukas Vrabec 2015-02-23 09:33:14 UTC
Adding guys from ibus. 

Does anyone know what's going on here?

Comment 6 fujiwara 2015-02-24 06:53:26 UTC
I don't see that error message.

% grep ibus-x11 /var/log/audit/audit.log | audit2allow -M mypol
Nothing to do

grep ibus-x11 /var/log/audit/audit.log
type=ANOM_ABEND msg=audit(1409822020.237:4450): auid=1000 uid=1000 gid=1000 ses=210 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=32551 comm="ibus-x11" exe="/usr/libexec/ibus-x11" sig=11
type=ANOM_ABEND msg=audit(1409828082.718:4477): auid=1000 uid=1000 gid=1000 ses=210 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2250 comm="ibus-x11" exe="/usr/libexec/ibus-x11" sig=11
type=ANOM_ABEND msg=audit(1409837629.930:4658): auid=1000 uid=1000 gid=1000 ses=210 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=3440 comm="ibus-x11" exe="/usr/libexec/ibus-x11" sig=11
type=ANOM_ABEND msg=audit(1409849878.478:4836): auid=1000 uid=1000 gid=1000 ses=210 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=6270 comm="ibus-x11" exe="/usr/libexec/ibus-x11" sig=11

ibus-x11 itself does not touch /tmp/dbus-*.

How can I reproduce your problem?

Comment 7 fujiwara 2015-02-24 06:54:36 UTC
ibus-x11 is launched by ibus-daemon.

% ibus-daemon --xim --verbose

Comment 8 Victor 2015-03-01 11:13:36 UTC
Description of problem:
SELinux is preventing ibus-x11 from connectto access on the unix_stream_socket @/tmp/dbus-yRdCVlRZBD.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that ibus-x11 should be allowed connectto access on the dbus-yRdCVlRZBD unix_stream_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ibus-x11 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0
                              :c0.c1023
Target Objects                @/tmp/dbus-yRdCVlRZBD [ unix_stream_socket ]
Source                        ibus-x11
Source Path                   ibus-x11
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-105.3.fc21.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux localhost.localdomain 3.18.7-200.fc21.i686
                              #1 SMP Wed Feb 11 22:26:31 UTC 2015 i686 i686
Alert Count                   2
First Seen                    2015-02-28 23:18:42 AEDT
Last Seen                     2015-03-01 22:06:01 AEDT
Local ID                      b7073ac5-dde9-483f-ae94-2b8239c92b74

Raw Audit Messages
type=AVC msg=audit(1425207961.743:454): avc:  denied  { connectto } for  pid=1824 comm="ibus-x11" path=002F746D702F646275732D79526443566C525A4244 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0


Hash: ibus-x11,xdm_t,unconfined_dbusd_t,unix_stream_socket,connectto

Version-Release number of selected component:
selinux-policy-3.13.1-105.3.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.18.7-200.fc21.i686
type:           libreport

Comment 9 fujiwara 2015-03-02 08:28:25 UTC
I don't understand the suggested fix.
Is it an ibus-x11 issue?

Comment 10 Leslie Satenstein 2015-03-09 14:48:10 UTC
Please close; it is fixed for Fedora 22.

Comment 11 Jens Petersen 2015-03-10 05:56:11 UTC
Is there a problem for F21?

Comment 12 Leslie Satenstein 2015-03-19 12:06:20 UTC
There may be. But a fix is to manually redo localectl set-keymap to include pc105 in the settings.

I would say, deferred

Comment 13 antonio montagnani 2015-04-10 17:18:54 UTC
Description of problem:
Just started.

Version-Release number of selected component:
selinux-policy-3.13.1-105.9.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.19.3-200.fc21.x86_64
type:           libreport

Comment 14 Ruben 2015-05-06 20:01:17 UTC
Description of problem:
It appeared when starting the system.

Version-Release number of selected component:
selinux-policy-3.13.1-99.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         3.17.4-301.fc21.x86_64
type:           libreport

Comment 15 Kristitheclovn 2015-12-25 12:40:21 UTC
Description of problem:
I

Version-Release number of selected component:
selinux-policy-3.13.1-105.21.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         4.1.13-100.fc21.x86_64
type:           libreport

Comment 16 Kristitheclovn 2016-03-10 19:04:10 UTC
Description of problem:
I was logging in

Version-Release number of selected component:
selinux-policy-3.13.1-105.21.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         4.1.13-100.fc21.x86_64
type:           libreport

Comment 17 Kristitheclovn 2016-03-21 13:43:55 UTC
Description of problem:
I don't know

Version-Release number of selected component:
selinux-policy-3.13.1-105.21.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         4.1.13-100.fc21.x86_64
type:           libreport

Comment 18 Kristitheclovn 2016-10-01 10:58:55 UTC
Description of problem:
I don't know
It represents at starting

Version-Release number of selected component:
selinux-policy-3.13.1-105.21.fc21.noarch

Additional info:
reporter:       libreport-2.3.0
hashmarkername: setroubleshoot
kernel:         4.1.13-100.fc21.x86_64
type:           libreport
