Description of problem:
When nss_ldap is enabled, dbus-daemon generates the following AVC at startup:

type=AVC msg=audit(1148140854.825:57): avc: denied { create } for pid=2799 comm="dbus-daemon" scontext=root:system_r:system_dbusd_t:s0 tcontext=root:system_r:system_dbusd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1148140854.825:57): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfbd11f4 a2=abcff4 a3=8d25bd8 items=0 pid=2799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="dbus-daemon" exe="/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1148140854.825:57): nargs=3 a0=10 a1=3 a2=0

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.2.40-1.fc5

How reproducible:
100%

Steps to Reproduce:
1. Enable nss_ldap and the SELinux targeted policy
2. service start messagebus

Actual results:
AVC denial.

Expected results:
No AVC denial.

Additional info:
An almost identical AVC denial occurs when the haldaemon service is started.
Fixed in selinux-policy-2.2.47-3
I can confirm dbus-daemon to work fine here, using selinux-policy-targeted-2.3.3-8.fc5. Thanks.
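Added example, not part of the original report or of the selinux-policy project: a small Python decoder that correlates the AVC, SYSCALL and SOCKETCALL records from the report by audit serial number and shows which socket() call the denial corresponds to. The function names and the lookup tables are this example's own, and the sample input is the report's records trimmed to the fields used.

```python
import re

# Constructed sample: the three records from the report, trimmed to the fields decoded here.
SAMPLE = """\
type=AVC msg=audit(1148140854.825:57): avc: denied { create } for pid=2799 comm="dbus-daemon" scontext=root:system_r:system_dbusd_t:s0 tcontext=root:system_r:system_dbusd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1148140854.825:57): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfbd11f4 a2=abcff4 a3=8d25bd8 pid=2799 comm="dbus-daemon" exe="/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1148140854.825:57): nargs=3 a0=10 a1=3 a2=0
"""

# Linux constants, limited to a few common values.
FAMILY = {0x1: "AF_UNIX", 0x2: "AF_INET", 0xA: "AF_INET6", 0x10: "AF_NETLINK"}
SOCKTYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
NETLINK = {0: "NETLINK_ROUTE", 9: "NETLINK_AUDIT", 15: "NETLINK_KOBJECT_UEVENT"}
SOCKETCALL_OPS = {1: "socket", 2: "bind", 3: "connect"}  # i386 socketcall(2) sub-calls
ERRNO = {1: "EPERM", 13: "EACCES"}

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def parse(log):
    """Group audit records by serial number: {serial: {record_type: fields}}."""
    events = {}
    for line in log.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, serial = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        perms = PERMS.search(line)
        if perms:
            fields["perms"] = perms.group(1).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def decode(event):
    """Turn one AVC + SYSCALL + SOCKETCALL event into a readable summary."""
    avc, sc, sock = event["AVC"], event["SYSCALL"], event["SOCKETCALL"]
    # arch=40000003 is i386, where syscall 102 is socketcall and a0 selects the operation.
    if (sc["arch"], sc["syscall"]) != ("40000003", "102"):
        raise ValueError("not an i386 socketcall event")
    op = SOCKETCALL_OPS.get(int(sc["a0"], 16), "unknown")
    fam, typ, proto = (int(sock[k], 16) for k in ("a0", "a1", "a2"))  # audit logs args in hex
    proto_name = NETLINK.get(proto, proto) if fam == 0x10 else proto
    return {
        "domain": avc["scontext"].split(":")[2],
        "perms": avc["perms"],
        "tclass": avc["tclass"],
        "call": f"{op}({FAMILY.get(fam, fam)}, {SOCKTYPE.get(typ, typ)}, {proto_name})",
        "errno": ERRNO.get(-int(sc["exit"]), sc["exit"]),
    }
```

Calling decode(parse(SAMPLE)["57"]) reports that system_dbusd_t was denied create on socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE), with the call failing with EACCES.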