Bug 192556 - dbus-daemon AVC with nss_ldap
Summary: dbus-daemon AVC with nss_ldap
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 5
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
Keywords: SELinux
Depends On:
Blocks: 192555
TreeView+ depends on / blocked
Reported: 2006-05-20 16:17 UTC by Ian Pilcher
Modified: 2008-08-02 23:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-03 12:45:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ian Pilcher 2006-05-20 16:17:51 UTC
Description of problem:

When nss_ldap is enabled, dbus-daemon generates the following AVC at startup:

type=AVC msg=audit(1148140854.825:57): avc:  denied  { create } for  pid=2799
    comm="dbus-daemon" scontext=root:system_r:system_dbusd_t:s0
    tcontext=root:system_r:system_dbusd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1148140854.825:57): arch=40000003 syscall=102
    success=no exit=-13 a0=1 a1=bfbd11f4 a2=abcff4 a3=8d25bd8 items=0 pid=2799
    auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
    comm="dbus-daemon" exe="/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1148140854.825:57): nargs=3 a0=10 a1=3 a2=0

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  Enable nss_ldap and the SELinux targeted policy
2.  service start messagebus
Actual results:

AVC denial.

Expected results:

No AVC denial.

Additional info:

Comment 1 Ian Pilcher 2006-05-20 16:25:26 UTC
An almost identical AVC denial occurs when the haldaemon service is started.

Comment 2 Daniel Walsh 2006-06-16 02:18:32 UTC
Fixed in selinux-policy-2.2.47-3

Comment 3 Joachim Selke 2006-08-03 08:29:15 UTC
I can confirm dbus-daemon to work fine here, using
selinux-policy-targeted-2.3.3-8.fc5. Thanks.

Note You need to log in before you can comment on or make changes to this bug.