Bug 171789 - acpid can't send dbus signals
acpid can't send dbus signals
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-10-26 10:27 EDT by Matthew Saltzman
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-05 11:03:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Saltzman 2005-10-26 10:27:19 EDT
Description of problem:
Recent versions of NetworkManager use dbus signals to control actions related to
suspend/resume (among others).

The suspend script runs without error when executed from the command line, but
produces these errors when invoked by pressing the suspend key.

On suspend, /var/log/debug reports:

    Oct 22 12:59:14 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=sleep dest=org.freedesktop.NetworkManager spid=31524 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

On resume, /var/log/debug reports:

    Oct 22 12:59:39 vincent52 dbus: Can't send to audit system: USER_AVC
    pid=2180 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
    msgtype=method_call interface=org.freedesktop.NetworkManager
    member=wake dest=org.freedesktop.NetworkManager spid=31542 tpid=2239
    scontext=system_u:system_r:apmd_t
    tcontext=system_u:system_r:NetworkManager_t tclass=dbus

No messages appear in /var/log/audit/audit.log.


The relevant section of the suspend script is:

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.sleep

    sync
    echo -n "mem" > /sys/power/state

    /usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager \
    --type=method_call /org/freedesktop/NetworkManager \
    org.freedesktop.NetworkManager.wake


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.1-2.7

How reproducible:
Always

Steps to Reproduce:
1. Run NetworkManager
2. Suspend via acpid (close lid or press sleep button)
3. Resume
  
Actual results:
As described above.  NM is confused if suspended and resumed in different
locations, attempts to connect to old WAP, which is no longer accessible. 

Expected results:
No errors.  NM takes actions specified for suspend/resume.  In particular, drops
memory of scanned netowrks on suspend and initiates fresh scan on resume.

Additional info:
Comment 1 Matthew Saltzman 2005-11-10 11:17:59 EST
This seems to be working now as of selinux-policy-targeted-1.27.1-2.11.
Comment 2 Matthew Saltzman 2005-11-10 21:11:01 EST
No, I was wrong.  I am seeing these messages with kernel-2.6.14-1.1637_FC4.
Comment 3 Daniel Walsh 2005-11-30 15:28:16 EST
Looks like the fix is in selinux-policy-targeted-1.27.1-2.14, unless you are
seeing other AVC messages?
Comment 4 Matthew Saltzman 2005-12-02 16:18:45 EST
Well, now that you mention it, I still have this in audit.log:

type=AVC msg=audit(1133557214.518:354): avc:  denied  { execute } for  pid=28915
comm="ifdown" name="functions" dev=dm-0 ino=16571
scontext=system_u:system_r:NetworkManager_t tcontext=system_u:object_r:etc_t
tclass=file

NetworkManager suspend/resume does seem to function, however.
Comment 5 Matthew Saltzman 2005-12-04 12:11:27 EST
Not that it's unexpected, but I'm still seeing this with
selinux-policy-targeted-1.27.1-2.16.
Comment 7 Daniel Walsh 2006-05-05 11:03:20 EDT
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed

Note You need to log in before you can comment on or make changes to this bug.