Description of problem:
even after a system relabel, error persists

Version-Release number of selected component (if applicable):
dbus-1.1.2-9.fc9 [application]
kernel-2.6.23.1-49.fc8

How reproducible:
relabel filesystem, boot into runlevel 5 with crashing gdm

Steps to Reproduce:

Summary
SELinux is preventing /bin/dbus-daemon (xdm_t) "bind" to <Unknown> (xdm_t).

Detailed Description
SELinux denied access requested by /bin/dbus-daemon. It is not expected that this access is required by /bin/dbus-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context         system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context         system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Objects         None [ netlink_selinux_socket ]
Affected RPM Packages  dbus-1.1.2-9.fc9 [application]
Policy RPM             selinux-policy-3.0.8-44.fc8
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              HP-JCF7
Platform               Linux HP-JCF7 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 athlon
Alert Count            1
First Seen             Thu 22 Nov 2007 10:02:16 PM EST
Last Seen              Thu 22 Nov 2007 10:02:16 PM EST
Local ID               5b078aa0-e0ce-4ed1-97bd-326c36b26653
Line Numbers

Raw Audit Messages
avc: denied { bind } for comm=dbus-daemon egid=42 euid=42 exe=/bin/dbus-daemon exit=0 fsgid=42 fsuid=42 gid=42 items=0 pid=3158 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 sgid=42 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 suid=42 tclass=netlink_selinux_socket tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tty=(none) uid=42
Also dbus-daemon error.

Summary
SELinux is preventing dbus-daemon (xdm_t) "read" to <Unknown> (xdm_t).

Detailed Description
SELinux denied access requested by dbus-daemon. It is not expected that this access is required by dbus-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context         system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context         system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Objects         None [ netlink_selinux_socket ]
Affected RPM Packages
Policy RPM             selinux-policy-3.0.8-44.fc8
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              HP-JCF7
Platform               Linux HP-JCF7 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 athlon
Alert Count            1
First Seen             Thu 22 Nov 2007 10:02:16 PM EST
Last Seen              Thu 22 Nov 2007 10:02:16 PM EST
Local ID               c42e506e-ece6-4d1b-8fb0-adae6be08744
Line Numbers

Raw Audit Messages
avc: denied { read } for comm=dbus-daemon pid=3159 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=netlink_selinux_socket tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
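The two raw AVC records above reduce to a single type-enforcement rule. The following added example (not part of the bug report or of any SELinux tool; the function names are illustrative) parses the records and merges permissions per source type, target type and class, which is the shape of rule a local policy module would carry.

```python
import re
from collections import defaultdict

# The two raw AVC records from this report, trimmed to the fields used below.
AVC_LINES = [
    "avc: denied { bind } for comm=dbus-daemon pid=3158 "
    "scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 "
    "tclass=netlink_selinux_socket tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023",
    "avc: denied { read } for comm=dbus-daemon pid=3159 "
    "scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 "
    "tclass=netlink_selinux_socket tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023",
]

PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_avc(line):
    """Return (source type, target type, class, perms) or None if unparsable."""
    m = PERMS_RE.search(line)
    if m is None:
        return None  # not a denial record
    fields = dict(FIELD_RE.findall(line))
    try:
        # A context is user:role:type[:mls-range]; the type is the third field.
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
        return src, tgt, fields["tclass"], set(m.group(1).split())
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def allow_rules(lines):
    """Merge denials per (source, target, class) and render allow rules."""
    merged = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            merged[rec[:3]] |= rec[3]
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        target = "self" if src == tgt else tgt  # policy shorthand for same type
        rules.append("allow %s %s:%s { %s };"
                     % (src, target, cls, " ".join(sorted(perms))))
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(AVC_LINES)))
```

Reading the merged rule before loading any local module shows exactly what would be granted: here xdm_t would gain bind and read on its own netlink_selinux_socket.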
Wrong component.
Ray, is this something new? xdm starting dbus-daemon, or is this a labeling problem and the xdm is not transitioning to the user context? Jim, does your labeling look ok?

fixfiles restore
The system was relabeled twice. The first relabel was done with fixfiles relabel with SELinux in permissive mode. The second relabeling was done with touch /.autorelabel. I am running fixfiles restore from a gnome-terminal which is putting a series of asterisks in a line. The computer will not launch gdm with SELinux in enforcing. GDM is pretty much in an ill state even when it launches in permissive. This error does not happen if running in enforcing in runlevel 3 and using startx. The error only seems to be present when launching X through gdm in permissive.
fixfiles restore had an output of "Read error on pipe" among the tail end of the process. The cursor was offset by the additional * which followed as shown below:

fixfiles restore
*******************************************************************************
********************************************************************************
********************************************************************************
*************************************************Read error on pipe.
*********[root@localhost
gdm runs its own dbus-daemon now in rawhide (separate from the user's session dbus-daemon)
Fixed in selinux-policy-3.2.1-1.fc9
Confirmed errors no longer present when in runlevel 3 with SELinux in enforcing. Thanks! Closing bug as resolved.