Description of problem:
I'm getting dbus-daemon aborting on my laptop. Needless to say, this is bad for ConsoleKit, hal, NM, and various other things.

Version-Release number of selected component (if applicable):
dbus-1.1.2-4.fc8

How reproducible:
Most of the time.

Steps to Reproduce:
1. Boot
2. Do various dbus-y things. Some examples:
   - run dbus-monitor on one VT
   - log in and out as root on various other VTs
   or:
   - boot into runlevel 3
   - log in, and start NetworkManager

Actual results:
dbus: Can't send to audit system: USER_AVC avc: denied { 0x2 } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=2831 tpid=2554 scontext=root:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:rpm_t:s0 tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

#0 0x00002aaaab768895 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00002aaaab76a340 in *__GI_abort () at abort.c:88
#2 0x00000000004280b5 in _dbus_abort () at dbus-sysdeps.c:86
#3 0x00000000004244fa in _dbus_warn_check_failed ( format=0x43b1c0 "arguments to %s() were incorrect, assertion \"%s\" failed in file %s line %d.\nThis is normally a bug in some application using the D-Bus library.\n") at dbus-internals.c:283
#4 0x0000000000417e00 in dbus_error_is_set (error=<value optimized out>) at dbus-errors.c:303
#5 0x0000000000405866 in bus_context_check_security_policy (context=0x6495e0, transaction=0x66ea10, sender=0x679730, addressed_recipient=0x0, proposed_recipient=0x6616d0, message=0x669890, error=0x0) at bus.c:1209
#6 0x000000000040d00a in bus_dispatch_matches (transaction=0x66ea10, sender=0x679730, addressed_recipient=0x0, message=0x669890, error=0x7fffd3e06bf0) at dispatch.c:47
#7 0x000000000040d290 in bus_dispatch_message_filter (connection=0x679730, message=0x669890, user_data=<value optimized out>) at dispatch.c:311
#8 0x0000000000417730 in dbus_connection_dispatch (connection=0x679730) at dbus-connection.c:4350
#9 0x000000000042aea8 in _dbus_loop_dispatch (loop=0x6494f0) at dbus-mainloop.c:482
#10 0x000000000042b243 in _dbus_loop_iterate (loop=0x6494f0, block=1) at dbus-mainloop.c:848
#11 0x000000000042b48d in _dbus_loop_run (loop=0x6494f0) at dbus-mainloop.c:874
#12 0x0000000000414bb1 in main (argc=2, argv=<value optimized out>) at main.c:464
#13 0x00002aaaab755d34 in __libc_start_main (main=0x4145a0 <main>, argc=2, ubp_av=0x7fffd3e073e8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffd3e073d8) at libc-start.c:220
#14 0x00000000004037c9 in _start ()

Expected results:
Non-aborting dbus.

Additional info:
selinux-policy-targeted-3.0.7-5.fc8, just in case that makes a difference.
Has anything changed in policy recently that would affect this?
Not that I know about. No changes in selinux policy should have caused this. Although if dbus is asking for a new permission and being denied? Any avc messages in /var/log/audit/audit.log? Does this happen in permissive mode?
Booting into permissive mode avoids this problem. Strangely, with enforcing mode, I can "service messagebus restart" manually after bootup and it appears to behave properly thereafter.
Avc messages?
No, no AVC messages logged.
Not that I think I've ever seen avc messages when SELinux denies things for dbus, especially in the audit log.
NetworkManager is trying to send a dbus message to yum-updatesd, perhaps telling it the network is up. SELinux policy tells dbus that this is not allowed. dbus has a bug in it, which causes it to crash when it gets this denial. Everything goes bad. I am updating SELinux policy to allow NetworkManager and yum-updatesd to talk, selinux-policy-3.0.7-10. But dbus needs to be fixed to not crash if it is denying a message.
100% reproduce procedure:
1) service messagebus restart
2) service yum-updatesd restart
3) service NetworkManager restart

yum-updatesd is running as rpm_t. NetworkManager tries to talk to it, which it isn't allowed by selinux. Then both dbus and NetworkManager crash. This appears in /var/log/messages:

Sep 11 14:15:20 newcaprica dbus: Can't send to audit system: USER_AVC avc: denied { 0x2 } for msgtype=signal interface=org.freedesktop.NetworkManager member=StateChange dest=org.freedesktop.DBus spid=3030 tpid=2977 scontext=root:system_r:NetworkManager_t:s0 tcontext=root:system_r:rpm_t:s0 tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

This policy below prevents this denial.

require { type NetworkManager_t; }
rpm_dbus_chat(NetworkManager_t)
Created attachment 192861: dbus-backtrace.txt

dbus shouldn't be crashing when it is denied.
That's not the only thing that can crash it for me - I can do it easily with dbus-monitor and just logging in (therefore twiddling ConsoleKit.) Did selinux just recently start monitoring dbus?
I don't know when it began, but dbus itself is selinux aware. It asks the kernel if something is allowed. The above traceback is dbus killing itself after the denial. dbus needs to be fixed to be more robust in handling these errors. Furthermore, it should output audit messages in the proper location like the regular avc's.
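The failure mode visible in the backtrace in the report (frame #5 is entered with error=0x0 and the argument check in dbus_error_is_set() then aborts), modelled in C. This is an added example, not code from D-Bus or from anyone in this thread; `Err`, `err_is_set`, `err_set` and both `policy_check_*` functions are hypothetical names, and the model counts the failed argument check where the daemon calls abort().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an error out-parameter; not D-Bus's DBusError. */
typedef struct { const char *message; } Err;

static int check_failures = 0; /* the daemon aborts here; the model counts */

/* Argument-checked accessor: a NULL pointer is a contract violation. */
static bool err_is_set(const Err *e) {
    if (e == NULL) { check_failures++; return false; }
    return e->message != NULL;
}

/* Callers may pass NULL when they do not want the error details. */
static void err_set(Err *e, const char *msg) {
    if (e != NULL) e->message = msg;
}

/* Before: the denial path inspects the caller's pointer directly. */
static bool policy_check_unguarded(bool selinux_allows, Err *error) {
    if (selinux_allows) return true;
    err_set(error, "AccessDenied");
    if (err_is_set(error))            /* error == NULL trips the check */
        fprintf(stderr, "denied: %s\n", error->message);
    return false;
}

/* After (one possible hardening, an assumption of this example): use a
 * local error and copy it out only when the caller supplied storage. */
static bool policy_check_guarded(bool selinux_allows, Err *error) {
    Err local = { NULL };
    if (selinux_allows) return true;
    err_set(&local, "AccessDenied");
    if (err_is_set(&local))
        fprintf(stderr, "denied: %s\n", local.message);
    if (error != NULL) *error = local;
    return false;
}

int main(void) {
    policy_check_unguarded(false, NULL);
    printf("unguarded: %d failed argument check(s)\n", check_failures);
    check_failures = 0;
    policy_check_guarded(false, NULL);
    printf("guarded:   %d failed argument check(s)\n", check_failures);
    return 0;
}
```

Both variants refuse the message; only the unguarded one turns a policy denial into a failed argument check.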
Nope, this is not SELinux causing the problem, well at least not directly. Dbus is SELinux aware: when two daemons want to talk, dbus asks SELinux if it is ok. When SELinux does not have the rules to allow the daemons to talk, dbus is dying. This has always been the way since Colin Walters did the dbus patch. Of course more daemons are now talking through dbus. Did you get a dbus message in /var/log/messages?
Dbus needs to maintain CAP_AUDITWRITE I believe in order to write these messages. I guess it is not maintaining this. Right Steve?
I also get messages such as:

Sep 11 06:42:39 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: received setenforce notice (enforcing=0)#012: exe="/bin/dbus-daemon" (sauid=500, hostname=?, addr=?, terminal=?)
Sep 11 06:42:43 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: denied { 0x2 } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=7124 tpid=7121 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)
dbus has been patched many times to allow selinux and audit. Which makes me wonder if anyone is trying to get the patches upstream? The selinux and audit capability has been carried as a patch since F3. One thing I find interesting is comment #3. Another thing I'd like to note is that about a month ago I filed a bug saying that dbus libs should not call abort() on errors but instead return an error code. The bug was closed won't fix. So, any problem that dbus doesn't like, it calls abort. This crashes apps as well as I guess dbus.
The bug mentioned by sgrubb appears to be Bug #250939. "either way it looks like NOTABUG or WONTFIX as this can only happen if D-Bus is incorrectly installed. Or if SELinux policy or other measures wrongly prevents the process using libdbus..." This seems horribly short-sighted. Surely a central infrastructure bit like dbus could be made more robust than this?
Sep 11 06:42:43 dhcp59-171 dbus: Can't send to audit system: USER_AVC avc: denied { 0x2 } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=7124 tpid=7121 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tclass=(null)#012: exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)

Not sure why it is aborting, but the 0x2 looks wrong. Also is there a new userprocess running as unconfined_t that local_login needs to communicate with? ConsoleKit? I also have not been able to get this to crash on a x86_64 or i386 machine in my office.
notting, is your consolekit process running as unconfined_t?
Looks like an issue in the recent libselinux dynamic discovery of class/perm support, would only trigger with newer kernels (2.6.23).
Fixed the libselinux problem in 2.0.33, which should fix up the avc message (the denied { 0x2 } and tclass=(null) parts). But that doesn't mean that you won't still get a denial if it violates policy, or change dbus error handling on a denial.
CK is:

system_u:system_r:consolekit_t:s0 2474 ? Ssl 0:00 console-kit-daemon
(In reply to comment #15)
> dbus has been patched many times to allow selinux and audit. Which makes me
> wonder if anyone is trying to get the patches upstream? the selinux and audit
> capability has been carried as a patch since F3.

AFAIK, the selinux support (by Matt Rickard) in dbusd has been upstream for quite some time, although I know that Colin later made some changes and you later introduced the audit support that would have been carried as patches. But I don't see any such selinux or audit patches in current dbus cvs in fedora devel.
libselinux-2.0.33 should be in rawhide tonight. Looks like this feature needs to be back ported to FC7 also.
Fixed in -6. Plain old dbus bug.