Bug 171652 - dbus fails to start due permission denied opening a socket
dbus fails to start due permission denied opening a socket
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Depends On:
  Show dependency treegraph
Reported: 2005-10-24 15:42 EDT by Brian G. Anderson
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.27.2-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-21 22:21:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Brian G. Anderson 2005-10-24 15:42:17 EDT
Description of problem:
dbus fails to start with the following message:
   dbus-daemon: Can't send to audit system: USER_AVC pid=1979 uid=0 loginuid=-1
   message=avc: can't open netlink socket: 13 (Permission denied)

dbus not starting causes NetworkManager to fail.

In order for the sytem to boot I have to add enforcing=0 to boot line.

Version-Release number of selected component (if applicable):

How reproducible:
Always without 

Steps to Reproduce:
1. boot system
Actual results:
dbus stops with permission denied

Expected results:
dbus should start

Additional info:
Comment 1 John (J5) Palmieri 2005-10-24 15:54:43 EDT
This looks like an SELinux configuration issue.  What policy are you running?
Comment 2 Brian G. Anderson 2005-10-24 16:44:01 EDT
selinux-policy-targeted 1.27.2-1

audit2why tells me this:

type=AVC msg=audit(1130179827.147:154): avc:  denied  { read } for  pid=1980
comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:system_r:system_dbusd_t:s0 tclass=netlink_selinux_socket
        Was caused by:
                Missing or disabled TE allow rule.
                Allow rules may exist but be disabled by boolean settings; check
boolean settings.
                You can see the necessary allow rules by running audit2allow
with this audit message as input.
Comment 3 Daniel Walsh 2005-10-24 17:45:22 EDT
FIxed in selinux-policy-targeted-1.27.2-1
Comment 4 Brian G. Anderson 2005-10-24 18:33:48 EDT
But if you look at my last comment:  my machine is already at 1.27.2-1
Comment 5 Daniel Walsh 2005-10-25 13:05:30 EDT
should have been selinux-policy-targeted-1.27.2-2

Note You need to log in before you can comment on or make changes to this bug.