Bug 248547 - [RFE] Add boolean to allow httpd to use dbus/avahi
Product: Fedora
Classification: Fedora
Component: selinux-policy
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-07-17 08:56 EDT by Ignacio Vazquez-Abrams
Modified: 2007-11-30 17:12 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-09-12 13:08:03 EDT
Description Ignacio Vazquez-Abrams 2007-07-17 08:56:35 EDT
The mod_dnssd package requires dbus/avahi in order to work, but the default
policy interferes. I *think* these are the rules that need to be enabled by this

#============= avahi_t ==============
allow avahi_t httpd_t:dbus send_msg;

#============= httpd_t ==============
allow httpd_t avahi_t:dbus send_msg;
allow httpd_t system_dbusd_t:dbus send_msg;
allow httpd_t system_dbusd_t:unix_stream_socket connectto;
allow httpd_t system_dbusd_var_run_t:dir search;
allow httpd_t system_dbusd_var_run_t:sock_file write;

It would be appreciated if this change could be ported back to FC6 as well.
Comment 1 Daniel Walsh 2007-07-18 10:41:25 EDT
Fixed in selinux-policy-2.6.4-29.fc7
Comment 2 Ignacio Vazquez-Abrams 2007-08-01 12:45:50 EDT
I seem to still be getting 1 more message:

type=USER_AVC msg=audit(1185986626.756:567): user pid=2430 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello
dest=org.freedesktop.DBus spid=4729 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dbus :
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'

audit2allow says:

#============= httpd_t ==============
allow httpd_t system_dbusd_t:dbus send_msg;
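
An added example, not part of the original bug report and not audit2allow's own code: a minimal Python sketch of how a denial such as the USER_AVC record in comment 2 maps to the allow rule shown above. The names `parse_denials` and `to_rules` are hypothetical, and `SAMPLE` is the record from comment 2 re-joined onto one line.

```python
import re
from collections import defaultdict

# The USER_AVC record from comment 2, re-joined onto one logical line.
SAMPLE = (
    "type=USER_AVC msg=audit(1185986626.756:567): user pid=2430 uid=81 "
    "auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 "
    "msg='avc:  denied  { "
    "send_msg } for msgtype=method_call interface=org.freedesktop.DBus "
    "member=Hello dest=org.freedesktop.DBus spid=4729 "
    "scontext=user_u:system_r:httpd_t:s0 "
    "tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dbus : "
    "exe=\"/bin/dbus-daemon\" (sauid=81, hostname=?, addr=?, terminal=?)'"
)

# Matches kernel AVC and userspace (dbus) USER_AVC denials; re.S tolerates
# records that were hard-wrapped when pasted into a report.
DENIAL = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)",
    re.S,
)

def parse_denials(log_text):
    """Map (source_type, target_type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for m in DENIAL.finditer(log_text):
        # An SELinux context is user:role:type[:level]; rules use only the type.
        src, tgt = (m[k].split(":")[2] for k in ("s", "t"))
        denials[(src, tgt, m["cls"])].update(m["perms"].split())
    return dict(denials)

def to_rules(denials):
    """Render the denials as allow rules grouped under per-source headers."""
    lines, current = [], None
    for (src, tgt, cls), perms in sorted(denials.items()):
        if src != current:
            lines.append(f"#============= {src} ==============")
            current = src
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        lines.append(f"allow {src} {tgt}:{cls} {perm_str};")
    return lines

if __name__ == "__main__":
    print("\n".join(to_rules(parse_denials(SAMPLE))))
```

Grouping by source type makes it easy to see, before loading anything, which domain gains access; here the only rule lets httpd_t send messages to the system bus daemon.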
Comment 3 Daniel Walsh 2007-08-01 16:33:05 EDT
Fixed in selinux-policy-2.6.4-31.fc7
Comment 4 Daniel Walsh 2007-09-12 13:08:03 EDT
Moving modified bugs to closed
