Bug 171789 - acpid can't send dbus signals
Summary: acpid can't send dbus signals
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-10-26 14:27 UTC by Matthew Saltzman
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-05-05 15:03:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Matthew Saltzman 2005-10-26 14:27:19 UTC 
Description of problem:
Recent versions of NetworkManager use dbus signals to control actions related to
suspend/resume (among others).

The suspend script runs without error when executed from the command line, but
produces these errors when invoked by pressing the suspend key.

On suspend, /var/log/debug reports:

    Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

On resume, /var/log/debug reports:

    Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

No messages appear in /var/log/audit/audit.log.


The relevant section of the suspend script is:

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.sleep

    sync
    echo -n "mem" > /sys/power/state

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.wake


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.1-2.7

How reproducible:
Always

Steps to Reproduce:
1. Run NetworkManager
2. Suspend via acpid (close lid or press sleep button)
3. Resume
  
Actual results:
As described above.  NM is confused if suspended and resumed in different
locations, attempts to connect to old WAP, which is no longer accessible. 

Expected results:
No errors.  NM takes actions specified for suspend/resume.  In particular, drops
memory of scanned netowrks on suspend and initiates fresh scan on resume.

Additional info:
Comment 1 Matthew Saltzman 2005-11-10 16:17:59 UTC 
This seems to be working now as of selinux-policy-targeted-1.27.1-2.11.
Comment 2 Matthew Saltzman 2005-11-11 02:11:01 UTC 
No, I was wrong.  I am seeing these messages with kernel-2.6.14-1.1637_FC4.
Comment 3 Daniel Walsh 2005-11-30 20:28:16 UTC 
Looks like the fix is in selinux-policy-targeted-1.27.1-2.14, unless you are
seeing other AVC messages?
Comment 4 Matthew Saltzman 2005-12-02 21:18:45 UTC 
Well, now that you mention it, I still have this in audit.log:

type=AVC msg=audit(1133557214.518:354): avc:  denied  { execute } for  pid=28915
comm="ifdown" name="functions" dev=dm-0 ino=16571
scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t
tclass=file

NetworkManager suspend/resume does seem to function, however.
Comment 5 Matthew Saltzman 2005-12-04 17:11:27 UTC 
Not that it's unexpected, but I'm still seeing this with
selinux-policy-targeted-1.27.1-2.16.
Comment 7 Daniel Walsh 2006-05-05 15:03:20 UTC 
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed
Note You need to log in before you can comment on or make changes to this bug.