Description of problem: sssd_ifp process is not allowed to send the message back when selinux is in enforcing mode Version-Release number of selected component (if applicable): selinux-policy-3.7.19-285.el6 How reproducible: always Steps to Reproduce: 1. Selinux in enforcing mode 2. Install ipa client and add an ipa user corresponding that is assigned the signing certificate on the smart card 3. Execute - dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users.FindByCertificate string:"$(cat /tmp/ca_sign.pem)" Actual results: Error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. type=USER_AVC msg=audit(1452201427.393:37): user pid=1856 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.66 spid=1835 tpid=3179 scontext=system_u:system_r:sssd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Expected results: Should receive the expected message successfully Additional info:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0763.html