Bug 315581 - selinux prevent debug python application
Summary: selinux prevent debug python application
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-02 16:55 UTC by Alexey Kuznetsov
Modified: 2008-01-30 19:06 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-30 19:06:53 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Alexey Kuznetsov 2007-10-02 16:55:22 UTC 
Description of problem:
selinux prevent debug python application under eclipse 3.2. I get exception:

  File "/usr/share/system-config-soundcard/soundcard.py", line 99, in __init__
    self.soundcardBackend = soundcardBackend.soundcardBackend()
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 454, in
__init__
    self.detectCards()
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 468, in
detectCards
    self.cardArray = self.mergeCards(self.probeCards(DETECTION_HAL),\
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 501, in
probeCards
    default_device, card_list, card_max)
  File "/usr/share/system-config-soundcard/soundcardBackendHal.py", line 191, in
probeCards
    udiList = self.halManager.FindDeviceByCapability("alsa")        
  File "/usr/lib/python2.5/site-packages/dbus/proxies.py", line 63, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python2.5/site-packages/dbus/proxies.py", line 135, in __call__
    **keywords)
  File "/usr/lib/python2.5/site-packages/dbus/connection.py", line 598, in
call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An
SELinux policy prevents this sender from sending this message to this recipient
(rejected message had interface "org.freedesktop.Hal.Manager" member
"FindDeviceByCapability" error name "(unset)" destination ":1.5")


Version-Release number of selected component (if applicable):
last

How reproducible:
try to debug under exlipse system-config-soundcard component. easy to reproduce
with firstboot.rpm debugging.

Actual results:
exception

Expected results:
run without exception, similar as run without debugger
Comment 1 Daniel Walsh 2007-10-02 17:17:28 UTC 
What avc messages are you seeing?
Comment 2 Alexey Kuznetsov 2007-10-02 18:50:28 UTC 
Oct  2 15:48:30 axet dbus: Can't send to audit system: USER_AVC avc:  received
setenforce notice
 (enforcing=1) : exe="/bin/dbus-daemon" (sauid=500, hostname=?, addr=?, terminal=?)
Comment 3 Daniel Walsh 2007-10-03 21:10:13 UTC 
Look in /var/log/audit/audit.log
Comment 4 Alexey Kuznetsov 2007-10-03 23:32:13 UTC 
type=USER_AVC msg=audit(1191454289.412:96): user pid=1773 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.DBus.Introspectable
member=Introspect dest=:1.5 spid=10459 tpid=2523
scontext=user_u:system_r:java_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1191454289.418:97): user pid=1773 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.Hal.Manager
member=FindDeviceByCapability dest=:1.5 spid=10459 tpid=2523
scontext=user_u:system_r:java_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
Comment 5 Daniel Walsh 2007-10-11 13:18:40 UTC 
Fixed in selinux-policy-2.6.4-49.fc7.src.rpm
Comment 6 Daniel Walsh 2008-01-30 19:06:53 UTC 
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.
Note You need to log in before you can comment on or make changes to this bug.