Bug 2170059 - Ensure dbus communication is allowed bidirectionally
Summary: Ensure dbus communication is allowed bidirectionally
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 39
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-02-15 14:45 UTC by Zdenek Pytela
Modified: 2023-08-16 08:08 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Zdenek Pytela 2023-02-15 14:45:31 UTC 
There are rules in the policy which allow dbus communication only in one way while iboth directions should be allowed.

This bug was initially created as a copy of Bug #2154245

I am copying this bug because: 



Description of problem:

RPM scriptlets (rpm_script_t) can execute hostnamectl, but systemd-hostnamed is not able to reply:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
# sesearch -A -s rpm_script_t -c dbus -t systemd_hostnamed_t
allow dbusd_unconfined nsswitch_domain:dbus send_msg;
allow dbusd_unconfined systemd_hostnamed_t:dbus send_msg;

# sesearch -A -t rpm_script_t -c dbus -s systemd_hostnamed_t
--> nothing
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Please make sure that every DBus message sender can get replies, it's very likely that such issue applies to other system components.

Version-Release number of selected component (if applicable):

selinux-policy-3.14.3-108.el8.noarch

How reproducible:

Always
Comment 1 Fedora Release Engineering 2023-08-16 08:08:48 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 39 development cycle.
Changing version to 39.
Note You need to log in before you can comment on or make changes to this bug.