Bug 1470501 - SELinux is preventing blueman-mechanism from send message to dbus
Summary: SELinux is preventing blueman-mechanism from send message to dbus
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 26
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-13 04:46 UTC by Zamir SUN
Modified: 2018-03-20 17:32 UTC (History)
12 users (show)

Fixed In Version: selinux-policy-3.13.1-260.20.fc26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-20 17:32:54 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)
Error dialog upon Fedora 26 KDE/Plasma login (14.05 KB, image/png)
2017-09-07 02:01 UTC, Raif S. Naffah 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1485337 0 unspecified CLOSED AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient 2021-02-22 00:41:40 UTC

Internal Links: 1485337

Description Zamir SUN 2017-07-13 04:46:55 UTC 
Description of problem:
The following messages shows each time I login into F26 XFCE. This is upgraded from Fedora 25. 
g-io-error-quark: GDBus.Error:org.freedesktop.DBus.Python.GLib.Error: Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/dbus/service.py", line 707, in _message_cb
    retval = candidate_method(self, *args, **keywords)
  File "/usr/lib/python3.6/site-packages/blueman/main/DbusService.py", line 38, in wrapper
    return method(*args[1:], **kwargs)
  File "/usr/lib/python3.6/site-packages/blueman/plugins/mechanism/Network.py", line 56, in ReloadNetwork
    self.confirm_authorization(caller, "org.blueman.network.setup")
  File "/usr/libexec/blueman-mechanism", line 166, in confirm_authorization
    action_id, {}, 1, "")
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gio.py", line 172, in __call__
    None)
GLib.GError: g-dbus-error-quark: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.90" (uid=0 pid=6048 comm="python3 /usr/libexec/blueman-mechanism " label="system_u:system_r:blueman_t:s0") interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" error name="(unset)" requested_reply="0" destination=":1.10" (uid=995 pid=1172 comm="/usr/lib/polkit-1/polkitd --no-debug " label="system_u:system_r:policykit_t:s0") (9)
 (36)

Version-Release number of selected component (if applicable):
[zsun@zsun-w541 ~]$ rpm -q selinux-policy
selinux-policy-3.13.1-259.fc26.noarch
[zsun@zsun-w541 ~]$ getenforce 
Enforcing
[zsun@zsun-w541 ~]$ grep -v '#' /etc/sysconfig/selinux 
grep: /etc/sysconfig/selinux: Permission denied
[zsun@zsun-w541 ~]$ sudo grep -v '#' /etc/sysconfig/selinux 
[sudo] password for zsun: 

SELINUX=enforcing
SELINUXTYPE=targeted

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Raif S. Naffah 2017-09-07 02:01:38 UTC 
Created attachment 1322857 [details]
Error dialog upon Fedora 26 KDE/Plasma login

the same happens when logging in w/ Fedora 26 KDE/Plasma after the upgrade from 25 to 26.

the dialog (attached screenshot) and the message (when the 'Exception' item is clicked --same as reported-- follows:

g-io-error-quark: GDBus.Error:org.freedesktop.DBus.Python.GLib.Error: Traceback (most recent call last):
  File "/usr/lib64/python3.6/site-packages/dbus/service.py", line 707, in _message_cb
    retval = candidate_method(self, *args, **keywords)
  File "/usr/lib/python3.6/site-packages/blueman/main/DbusService.py", line 38, in wrapper
    return method(*args[1:], **kwargs)
  File "/usr/lib/python3.6/site-packages/blueman/plugins/mechanism/Network.py", line 56, in ReloadNetwork
    self.confirm_authorization(caller, "org.blueman.network.setup")
  File "/usr/libexec/blueman-mechanism", line 166, in confirm_authorization
    action_id, {}, 1, "")
  File "/usr/lib64/python3.6/site-packages/gi/overrides/Gio.py", line 172, in __call__
    None)
GLib.GError: g-dbus-error-quark: GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.58" (uid=0 pid=1961 comm="python3 /usr/libexec/blueman-mechanism " label="system_u:system_r:blueman_t:s0") interface="org.freedesktop.PolicyKit1.Authority" member="CheckAuthorization" error name="(unset)" requested_reply="0" destination=":1.8" (uid=999 pid=930 comm="/usr/lib/polkit-1/polkitd --no-debug " label="system_u:system_r:policykit_t:s0") (9)
 (36)
Comment 2 Dean Smith 2017-09-10 02:26:05 UTC 
I think this is the root cause of the even earlier issue: https://bugzilla.redhat.com/show_bug.cgi?id=1441920

I have the same problem on boot with Fedora 26 GNOME, upgraded from Fedora 25. I am not sure if it happened immediately after the upgrade, as I may have installed blueman once I was on F26.
Comment 3 Milos Malik 2018-01-22 09:15:08 UTC 
----
type=USER_AVC msg=audit(01/22/2018 08:01:52.414:246) : pid=803 uid=dbus auid=unset ses=unset subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.PolicyKit1.Authority member=CheckAuthorization dest=:1.6 spid=2245 tpid=855 scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:policykit_t:s0 tclass=dbus  exe=/usr/bin/dbus-daemon sauid=dbus hostname=? addr=? terminal=?' 
----

# rpm -qa selinux\*
selinux-policy-sandbox-3.13.1-260.18.fc26.noarch
selinux-policy-3.13.1-260.18.fc26.noarch
selinux-policy-devel-3.13.1-260.18.fc26.noarch
selinux-policy-targeted-3.13.1-260.18.fc26.noarch
# sesearch -s blueman_t -t policykit_t -c dbus -A
# sesearch -t blueman_t -s policykit_t -c dbus -A
#
Comment 4 Milos Malik 2018-01-26 09:04:25 UTC 
Caught in permissive mode:
----
time->Fri Jan 26 04:02:24 2018
type=USER_AVC msg=audit(1516957344.916:404): pid=400 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus.Properties member=GetAll dest=:1.6 spid=9771 tpid=432 scontext=system_u:system_r:blueman_t:s0 tcontext=system_u:system_r:policykit_t:s0 tclass=dbus permissive=1  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Fri Jan 26 04:02:24 2018
type=USER_AVC msg=audit(1516957344.916:405): pid=400 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=method_return dest=:1.44 spid=432 tpid=9771 scontext=system_u:system_r:policykit_t:s0 tcontext=system_u:system_r:blueman_t:s0 tclass=dbus permissive=1  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
# rpm -qa selinux\*
selinux-policy-devel-3.13.1-283.21.fc27.noarch
selinux-policy-targeted-3.13.1-283.21.fc27.noarch
selinux-policy-3.13.1-283.21.fc27.noarch
#
Comment 5 Fedora Update System 2018-03-12 18:29:18 UTC 
selinux-policy-3.13.1-260.20.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1969794434
Comment 6 Fedora Update System 2018-03-13 23:57:17 UTC 
selinux-policy-3.13.1-260.20.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1969794434
Comment 7 Fedora Update System 2018-03-20 17:32:54 UTC 
selinux-policy-3.13.1-260.20.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.