Bug 192556 - dbus-daemon AVC with nss_ldap
Summary: dbus-daemon AVC with nss_ldap
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 5
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: SELinux
Depends On:
Blocks: 192555
TreeView+ depends on / blocked
 
Reported: 2006-05-20 16:17 UTC by Ian Pilcher
Modified: 2008-08-02 23:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-08-03 12:45:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Ian Pilcher 2006-05-20 16:17:51 UTC 
Description of problem:

When nss_ldap is enabled, dbus-daemon generates the following AVC at startup:

type=AVC msg=audit(1148140854.825:57): avc:  denied  { create } for  pid=2799
    comm="dbus-daemon" scontext=root:system_r:system_dbusd_t:s0
    tcontext=root:system_r:system_dbusd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1148140854.825:57): arch=40000003 syscall=102
    success=no exit=-13 a0=1 a1=bfbd11f4 a2=abcff4 a3=8d25bd8 items=0 pid=2799
    auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
    comm="dbus-daemon" exe="/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1148140854.825:57): nargs=3 a0=10 a1=3 a2=0


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.40-1.fc5


How reproducible:

100%


Steps to Reproduce:
1.  Enable nss_ldap and the SELinux targeted policy
2.  service start messagebus
  
Actual results:

AVC denial.


Expected results:

No AVC denial.


Additional info:
Comment 1 Ian Pilcher 2006-05-20 16:25:26 UTC 
An almost identical AVC denial occurs when the haldaemon service is started.
Comment 2 Daniel Walsh 2006-06-16 02:18:32 UTC 
Fixed in selinux-policy-2.2.47-3
Comment 3 Joachim Selke 2006-08-03 08:29:15 UTC 
I can confirm dbus-daemon to work fine here, using
selinux-policy-targeted-2.3.3-8.fc5. Thanks.
Note You need to log in before you can comment on or make changes to this bug.