From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7 Description of problem: Getting lots of the following message after up2date'ing to RHEL 4 WS U2. Oct 11 19:35:03 myhostname dbus: Can't send to audit system: USER_AVC pid=2778 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus I thought perhaps this was because I wasn't running auditd, but I turned it up with no change. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: A chronic problem. Additional info:
D-Bus now sends avc denial messages through libaudit. There is a restriction where only root processes can send messages so these pop up in your /var/log/messages. Reassigning to audit.
This is the correct operation for the disposition of the message. I am wondering why you are getting the message, though. Checking into dbus policy.
Policy problem fixed in ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3 policy.selinux-policy-targeted-1.17.30-2.113.noarch.rpm
(In reply to comment #3) > Policy problem fixed in ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3 > policy.selinux-policy-targeted-1.17.30-2.113.noarch.rpm It it OK to install that policy on a U2 system or do I have to wait for U3? Thanks!
It should be fine. This policy has been pushed into the U3 stream.
With selinux-policy-strict-1.27.2-21, I get the following logged every second or so (causing a lot of disk activity): Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RequestName dest=org.freedesktop.DBus spid=3159 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { acquire_svc } for service=org.freedesktop.NetworkManagerInfo spid=3159 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RequestName dest=org.freedesktop.DBus spid=3155 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { acquire_svc } for service=org.freedesktop.NetworkManagerInfo spid=3155 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RequestName dest=org.freedesktop.DBus spid=3157 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus Nov 20 22:35:12 imp dbus: Can't send to audit system: USER_AVC pid=2472 uid=81 loginuid=-1 message=avc: denied { acquire_svc } for service=org.freedesktop.NetworkManagerInfo spid=3157 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=dbus
Any chance of getting this released as an errata (as you mentioned on Oct 24 at https://www.redhat.com/archives/fedora-selinux-list/2005-October/msg00114.html), or do we have to wait for U3 to be released? This is rather painful for our logs, but upgrading to "unsupported" packages is undesirable.
I think you would need to go through support to make that happen. Dan
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2006-0049.html