Bug 192556 – dbus-daemon AVC with nss_ldap

Bug 192556 - dbus-daemon AVC with nss_ldap

Summary:	dbus-daemon AVC with nss_ldap

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted (Show other bugs)
Sub Component:
Version:	5
Hardware:	i686 Linux

Priority	medium Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Daniel Walsh
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	SELinux

Depends On:
Blocks:	192555
	Show dependency tree / graph

Reported:	2006-05-20 12:17 EDT by Ian Pilcher
Modified:	2008-08-02 19:40 EDT (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2006-08-03 08:45:38 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Ian Pilcher 2006-05-20 12:17:51 EDT

Description of problem:

When nss_ldap is enabled, dbus-daemon generates the following AVC at startup:

type=AVC msg=audit(1148140854.825:57): avc:  denied  { create } for  pid=2799
    comm="dbus-daemon" scontext=root:system_r:system_dbusd_t:s0
    tcontext=root:system_r:system_dbusd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1148140854.825:57): arch=40000003 syscall=102
    success=no exit=-13 a0=1 a1=bfbd11f4 a2=abcff4 a3=8d25bd8 items=0 pid=2799
    auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
    comm="dbus-daemon" exe="/bin/dbus-daemon"
type=SOCKETCALL msg=audit(1148140854.825:57): nargs=3 a0=10 a1=3 a2=0


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.40-1.fc5


How reproducible:

100%


Steps to Reproduce:
1.  Enable nss_ldap and the SELinux targeted policy
2.  service start messagebus
  
Actual results:

AVC denial.


Expected results:

No AVC denial.


Additional info:

Comment 1 Ian Pilcher 2006-05-20 12:25:26 EDT

An almost identical AVC denial occurs when the haldaemon service is started.

Comment 2 Daniel Walsh 2006-06-15 22:18:32 EDT

Fixed in selinux-policy-2.2.47-3

Comment 3 Joachim Selke 2006-08-03 04:29:15 EDT

I can confirm dbus-daemon to work fine here, using
selinux-policy-targeted-2.3.3-8.fc5. Thanks.

Note You need to log in before you can comment on or make changes to this bug.