Bug 315581 - selinux prevent debug python application
selinux prevent debug python application
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-02 12:55 EDT by Alexey Kuznetsov
Modified: 2008-01-30 14:06 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:06:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexey Kuznetsov 2007-10-02 12:55:22 EDT
Description of problem:
selinux prevent debug python application under eclipse 3.2. I get exception:

  File "/usr/share/system-config-soundcard/soundcard.py", line 99, in __init__
    self.soundcardBackend = soundcardBackend.soundcardBackend()
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 454, in
__init__
    self.detectCards()
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 468, in
detectCards
    self.cardArray = self.mergeCards(self.probeCards(DETECTION_HAL),\
  File "/usr/share/system-config-soundcard/soundcardBackend.py", line 501, in
probeCards
    default_device, card_list, card_max)
  File "/usr/share/system-config-soundcard/soundcardBackendHal.py", line 191, in
probeCards
    udiList = self.halManager.FindDeviceByCapability("alsa")        
  File "/usr/lib/python2.5/site-packages/dbus/proxies.py", line 63, in __call__
    return self._proxy_method(*args, **keywords)
  File "/usr/lib/python2.5/site-packages/dbus/proxies.py", line 135, in __call__
    **keywords)
  File "/usr/lib/python2.5/site-packages/dbus/connection.py", line 598, in
call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: An
SELinux policy prevents this sender from sending this message to this recipient
(rejected message had interface "org.freedesktop.Hal.Manager" member
"FindDeviceByCapability" error name "(unset)" destination ":1.5")


Version-Release number of selected component (if applicable):
last

How reproducible:
try to debug under exlipse system-config-soundcard component. easy to reproduce
with firstboot.rpm debugging.

Actual results:
exception

Expected results:
run without exception, similar as run without debugger
Comment 1 Daniel Walsh 2007-10-02 13:17:28 EDT
What avc messages are you seeing?
Comment 2 Alexey Kuznetsov 2007-10-02 14:50:28 EDT
Oct  2 15:48:30 axet dbus: Can't send to audit system: USER_AVC avc:  received
setenforce notice
 (enforcing=1) : exe="/bin/dbus-daemon" (sauid=500, hostname=?, addr=?, terminal=?)
Comment 3 Daniel Walsh 2007-10-03 17:10:13 EDT
Look in /var/log/audit/audit.log
Comment 4 Alexey Kuznetsov 2007-10-03 19:32:13 EDT
type=USER_AVC msg=audit(1191454289.412:96): user pid=1773 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.DBus.Introspectable
member=Introspect dest=:1.5 spid=10459 tpid=2523
scontext=user_u:system_r:java_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1191454289.418:97): user pid=1773 uid=81 auid=4294967295
subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for
msgtype=method_call interface=org.freedesktop.Hal.Manager
member=FindDeviceByCapability dest=:1.5 spid=10459 tpid=2523
scontext=user_u:system_r:java_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
Comment 5 Daniel Walsh 2007-10-11 09:18:40 EDT
Fixed in selinux-policy-2.6.4-49.fc7.src.rpm
Comment 6 Daniel Walsh 2008-01-30 14:06:53 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.