From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041228 Firefox/1.0 Fedora/1.0-8 Description of problem: audit(1105649227.265:0): avc: denied { search } for pid=4086 exe=/usr/lib/firefox-1.0/firefox-bin name=nscd dev=dm-0 ino=146399 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:nscd_var_run_t tclass=dir Version-Release number of selected component (if applicable): selinux-policy-strict-1.21.1-1 How reproducible: Didn't try Steps to Reproduce: Additional info:
Also: audit(1106152246.614:0): avc: denied { search } for pid=3433 exe=/usr/bin/dbus-daemon-1 name=run dev=dm-0 ino=1168164 scontext=user_u:user_r:user_dbusd_t tcontext=system_u:object_r:var_run_t tclass=dir Perhaps: --- dbusd_macros.te 2005-01-19 16:00:32.000000000 -0700 +++ dbusd_macros.new 2005-01-19 15:57:58.000000000 -0700 @@ -14,7 +14,7 @@ typealias system_dbusd_t alias dbusd_t; type etc_dbusd_t, file_type, sysadmfile; ',` -type $1_dbusd_t, domain, privlog, userspace_objmgr; +type $1_dbusd_t, domain, privlog, nscd_client_domain, userspace_objmgr; role $1_r types $1_dbusd_t; domain_auto_trans($1_t, system_dbusd_exec_t, $1_dbusd_t) read_locale($1_dbusd_t) --- mozilla_macros.te 2005-01-19 16:08:28.000000000 -0700 +++ mozilla_macros.new 2005-01-19 15:56:37.000000000 -0700 @@ -16,7 +16,7 @@ # provided separately in domains/program/mozilla.te. # define(`mozilla_domain',` -x_client_domain($1, mozilla, `, web_client_domain, privlog, transitionbool') +x_client_domain($1, mozilla, `, nscd_client_domain, web_client_domain, privlog, transitionbool') allow $1_mozilla_t sound_device_t:chr_file rw_file_perms;
Added dbus change. Made change of adding nscd_client_domain inside of x_client_domain macro Fixed in selinux-policy-strict-1.21.2-6
Hmm? I don't see those changes in -7.
Nor in 1.21.3-1
Nor in 1.21.3-4. If this is fixed, can you mention where - maybe I'm just missing it somewhere.
Yep, looks like it got lost, Put back in selinux-policy-strict-1.21.4-1
I see it for x_client, still missing for dbusd.