Bug 283231 - system dbus daemon aborts. chaos ensues
Summary: system dbus daemon aborts. chaos ensues
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: dbus
Version: rawhide
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: David Zeuthen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F8Blocker
 
Reported: 2007-09-07 21:08 UTC by Bill Nottingham
Modified: 2014-03-17 03:08 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-14 19:51:31 UTC
Type: ---
Embargoed:


Attachments
dbus-backtrace.txt (6.41 KB, text/plain)
2007-09-11 18:45 UTC, Warren Togami

Description Bill Nottingham 2007-09-07 21:08:13 UTC
Description of problem:

I'm getting dbus-daemon aborting on my laptop. Needless to say, this is bad for
ConsoleKit, hal, NM, and various other things.

Version-Release number of selected component (if applicable):

dbus-1.1.2-4.fc8

How reproducible:

Most of the time.

Steps to Reproduce:
1. Boot
2. Do various dbus-y things. Some examples:

- run dbus-monitor on one VT
- log in and out as root on various other VTs

or:

- boot into runlevel 3
- log in, and start NetworkManager
  
Actual results:

dbus: Can't send to audit system: USER_AVC avc:  denied  { 0x2 } for
msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange
dest=org.freedesktop.DBus spid=2831 tpid=2554
scontext=root:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:rpm_t:s0
tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

#0  0x00002aaaab768895 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00002aaaab76a340 in *__GI_abort () at abort.c:88
#2  0x00000000004280b5 in _dbus_abort () at dbus-sysdeps.c:86
#3  0x00000000004244fa in _dbus_warn_check_failed (
    format=0x43b1c0 "arguments to %s() were incorrect, assertion \"%s\" failed
in file %s line %d.\nThis is normally a bug in some application using the D-Bus
library.\n") at dbus-internals.c:283
#4  0x0000000000417e00 in dbus_error_is_set (error=<value optimized out>)
    at dbus-errors.c:303
#5  0x0000000000405866 in bus_context_check_security_policy (context=0x6495e0,
    transaction=0x66ea10, sender=0x679730, addressed_recipient=0x0,
    proposed_recipient=0x6616d0, message=0x669890, error=0x0) at bus.c:1209
#6  0x000000000040d00a in bus_dispatch_matches (transaction=0x66ea10,
    sender=0x679730, addressed_recipient=0x0, message=0x669890,
    error=0x7fffd3e06bf0) at dispatch.c:47
#7  0x000000000040d290 in bus_dispatch_message_filter (connection=0x679730,
    message=0x669890, user_data=<value optimized out>) at dispatch.c:311
#8  0x0000000000417730 in dbus_connection_dispatch (connection=0x679730)
    at dbus-connection.c:4350
#9  0x000000000042aea8 in _dbus_loop_dispatch (loop=0x6494f0)
    at dbus-mainloop.c:482
#10 0x000000000042b243 in _dbus_loop_iterate (loop=0x6494f0, block=1)
    at dbus-mainloop.c:848
#11 0x000000000042b48d in _dbus_loop_run (loop=0x6494f0) at dbus-mainloop.c:874
#12 0x0000000000414bb1 in main (argc=2, argv=<value optimized out>)
    at main.c:464
#13 0x00002aaaab755d34 in __libc_start_main (main=0x4145a0 <main>, argc=2,
    ubp_av=0x7fffd3e073e8, init=<value optimized out>,
    fini=<value optimized out>, rtld_fini=<value optimized out>,
    stack_end=0x7fffd3e073d8) at libc-start.c:220
#14 0x00000000004037c9 in _start ()

Expected results:

Non-aborting dbus.

Additional info:
selinux-policy-targeted-3.0.7-5.fc8, just in case that makes a difference.

Comment 1 Jeremy Katz 2007-09-10 18:11:31 UTC
Has anything changed in policy recently that would affect this?

Comment 2 Daniel Walsh 2007-09-10 19:59:59 UTC
Not that I know about.  No changes in selinux policy should have caused this. 
Although if dbus is asking for a new permission and being denied?  Any avc
messages in /var/log/audit/audit.log?  Does this happen in permissive mode?

Comment 3 Warren Togami 2007-09-10 21:21:29 UTC
Booting into permissive mode avoids this problem.

Strangely, with enforcing mode, I can "service messagebus restart" manually
after bootup and it appears to behave properly thereafter.

Comment 4 Daniel Walsh 2007-09-10 21:57:35 UTC
Avc messages?

Comment 5 Bill Nottingham 2007-09-11 14:48:51 UTC
No, no AVC messages logged.

Comment 6 Jeremy Katz 2007-09-11 17:40:52 UTC
Not that I think I've ever seen avc messages when SELinux denies things for
dbus, especially in the audit log.

Comment 7 Daniel Walsh 2007-09-11 18:36:53 UTC
NetworkManager is trying to send a dbus message to yum-updatesd, perhaps telling
it the network is up.  SELinux policy tells dbus that this is not allowed. dbus
has a bug in it, which causes it to crash, when it gets this denial.  Everything
goes bad.

I am updating SELinux policy to allow NetworkManager and yum-updatesd to talk,

selinux-policy-3.0.7-10

But dbus needs to be fixed to not crash if it is denying a message.

Comment 8 Warren Togami 2007-09-11 18:42:11 UTC
100% reproduce procedure:
1) service messagebus restart
2) service yum-updatesd restart
3) service NetworkManager restart

yum-updatesd is running as rpm_t.  NetworkManager tries to talk to it, which it
isn't allowed by selinux.  Then both dbus and NetworkManager crash.

This appears in /var/log/messages:
Sep 11 14:15:20 newcaprica dbus: Can't send to audit system: USER_AVC avc: 
denied  { 0x2 } for msgtype=signal interface=org.freedesktop.NetworkManager
member=StateChange dest=org.freedesktop.DBus spid=3030 tpid=2977
scontext=root:system_r:NetworkManager_t:s0 tcontext=root:system_r:rpm_t:s0
tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

This policy below prevents this denial.

require {
        type NetworkManager_t;
}
rpm_dbus_chat(NetworkManager_t)

Comment 9 Warren Togami 2007-09-11 18:45:16 UTC
Created attachment 192861
dbus-backtrace.txt

dbus shouldn't be crashing when it is denied.

Comment 10 Bill Nottingham 2007-09-11 18:46:12 UTC
That's not the only thing that can crash it for me - I can do it easily with
dbus-monitor and just logging in (therefore twiddling ConsoleKit.)

Did selinux just recently start monitoring dbus?

Comment 11 Warren Togami 2007-09-11 18:53:52 UTC
I don't know when it began, but dbus itself is selinux aware.  It asks the
kernel if something is allowed.  The above traceback is dbus killing itself
after the denial.  dbus needs to be fixed to be more robust in handling these
errors.  Furthermore, it should output audit messages in the proper location
like the regular avc's.
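
A simplified model of the failure visible in frames #4 and #5 of the backtrace in the description (error=0x0 reaching dbus_error_is_set() on a denial), added here as an example; it is not dbus source code and not the fix shipped for this bug. Err, err_is_set, err_set, mac_allows, the check_send_* functions and the "allowed_peer_t" label are hypothetical stand-ins, and a counter takes the place of abort() so both variants can be compared.

```c
#include <stdbool.h>
#include <string.h>

/* Hypothetical stand-ins for DBusError and its helpers; not libdbus code. */
typedef struct { const char *name; } Err;
static int check_failures; /* counts the points where libdbus would abort() */
static bool err_is_set(const Err *e)
{
    if (e == NULL) { check_failures++; return false; } /* argument check */
    return e->name != NULL;
}
static void err_set(Err *e, const char *name) { if (e) e->name = name; }

/* Constructed policy: exactly one sender/target pair may talk. */
static bool mac_allows(const char *scon, const char *tcon, Err *e)
{
    (void)e; /* a real check could report out-of-memory through e */
    return !strcmp(scon, "NetworkManager_t") && !strcmp(tcon, "allowed_peer_t");
}

/* Fragile: the denial path inspects the caller's pointer, which may be NULL. */
static bool check_send_fragile(const char *s, const char *t, Err *error)
{
    if (mac_allows(s, t, error))
        return true;
    if (!err_is_set(error))
        err_set(error, "AccessDenied");
    return false;
}

/* Hardened: work on a local Err, copy it out only when the caller asked. */
static bool check_send_hardened(const char *s, const char *t, Err *error)
{
    Err local = { NULL };
    if (mac_allows(s, t, &local))
        return true;
    if (!err_is_set(&local))
        err_set(&local, "AccessDenied");
    if (error != NULL)
        *error = local;
    return false; /* still denied: fail closed, keep running */
}

int main(void)
{
    bool fragile = check_send_fragile("NetworkManager_t", "rpm_t", NULL);
    bool hardened = check_send_hardened("NetworkManager_t", "rpm_t", NULL);
    return (!fragile && !hardened && check_failures == 1) ? 0 : 1;
}
```

Both variants refuse the NetworkManager_t to rpm_t message; only the fragile one reaches the argument check that, in the daemon, ends in abort().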

Comment 12 Daniel Walsh 2007-09-11 18:56:28 UTC
Nope, this is not SELinux causing the problem, well at least not directly.  Dbus
is SELinux aware; when two daemons want to talk, dbus asks SELinux if it is ok.
When SELinux does not have the rules to allow the daemons to talk, dbus is
dying.  This has always been the way since Colin Walters did the dbus patch.  Of
course more daemons are now talking through dbus.

Did you get a dbus message in /var/log/messages?

Comment 13 Daniel Walsh 2007-09-11 18:57:31 UTC
Dbus needs to maintain CAP_AUDITWRITE I believe in order to write these
messages.  I guess it is not maintaining this. Right Steve?

Comment 14 Bill Nottingham 2007-09-11 20:19:57 UTC
I also get messages such as:

Sep 11 06:42:39 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: 
received setenforce notice (enforcing=0)#012: exe="/bin/dbus-daemon" (sauid=500,
hostname=?, addr=?, terminal=?)

Sep 11 06:42:43 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: 
denied  { 0x2 } for msgtype=method_call interface=org.freedesktop.DBus
member=Hello dest=org.freedesktop.DBus spid=7124 tpid=7121
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=(null)#012:
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)




Comment 15 Steve Grubb 2007-09-11 21:01:29 UTC
dbus has been patched many times to allow selinux and audit. Which makes me
wonder if anyone is trying to get the patches upstream? the selinux and audit
capability has been carried as a patch since F3.

One thing I find interesting is comment #3.

Another thing I'd like to note is that about a month ago I filed a bug saying
that dbus libs should not call abort() on errors but instead return an error
code. The bug was closed wont fix. So, any problem that dbus doesn't like, it
calls abort. This crashes apps as well as I guess dbus.

Comment 16 Warren Togami 2007-09-11 21:38:25 UTC
The bug mentioned by sgrubb appears to be Bug #250939.

"either way it looks like NOTABUG or WONTFIX as this can only happen if D-Bus is
incorrectly installed. Or if SELinux policy or other measures wrongly prevents
the process using libdbus..."

This seems horribly short-sighted.  Surely a central infrastructure bit like
dbus could be made more robust than this?

Comment 17 Daniel Walsh 2007-09-12 12:45:49 UTC
Sep 11 06:42:43 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: 
denied  { 0x2 } for msgtype=method_call interface=org.freedesktop.DBus
member=Hello dest=org.freedesktop.DBus spid=7124 tpid=7121
scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023
tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=(null)#012:
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

Not sure why it is aborting, but the 0x2 looks wrong.  

Also is there a new user process running as unconfined_t that local_login needs
to communicate with?  ConsoleKit?

I also have not been able to get this to crash on an x86_64 or i386 machine in my
office.


Comment 18 Daniel Walsh 2007-09-12 13:26:53 UTC
notting is your consolekit process running as unconfined_t?

Comment 19 Stephen Smalley 2007-09-12 14:33:40 UTC
Looks like an issue in the recent libselinux dynamic discovery of class/perm
support, would only trigger with newer kernels (2.6.23).


Comment 20 Stephen Smalley 2007-09-12 16:04:24 UTC
Fixed the libselinux problem in 2.0.33, which should fix up the avc message (the
denied { 0x2 } and tclass=(null) parts).

But that doesn't mean that you won't still get a denial if it violates policy,
or change dbus error handling on a denial.



Comment 21 Bill Nottingham 2007-09-12 19:07:50 UTC
CK is:

 system_u:system_r:consolekit_t:s0 2474 ?       Ssl    0:00 console-kit-daemon


Comment 22 Stephen Smalley 2007-09-13 11:31:56 UTC
(In reply to comment #15)
> dbus has been patched many times to allow selinux and audit. Which makes me
> wonder if anyone is trying to get the patches upstream? the selinux and audit
> capability has been carried as a patch since F3.

AFAIK, the selinux support (by Matt Rickard) in dbusd has been upstream for
quite some time, although I know that Colin later made some changes and you
later introduced the audit support that would have been carried as patches.  But
I don't see any such selinux or audit patches in current dbus cvs in fedora devel.



Comment 23 Daniel Walsh 2007-09-13 13:28:09 UTC
libselinux-2.0.33 should be in rawhide tonight.
Looks like this feature needs to be back ported to FC7 also.



Comment 24 Bill Nottingham 2007-09-14 19:51:31 UTC
Fixed in -6. Plain old dbus bug.

