Bug 437663 - Dbus isn't allowed to look at NFS-mounted home directories
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: All Linux
Priority: low Severity: low
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2008-03-15 18:25 EDT by Göran Uddeborg
Modified: 2008-11-10 08:40 EST
Doc Type: Bug Fix
Last Closed: 2008-11-10 08:40:05 EST
Description Göran Uddeborg 2008-03-15 18:25:51 EDT
Description of problem:
With home directories mounted via NFS, I get these errors:

Mar 15 23:01:59 freddi kernel: audit(1205618519.328:7): avc:  denied  { search }
for  pid=2500 comm="dbus-daemon" name="" dev=0:15 ino=5963786
scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:nfs_t:s0
tclass=dir

I get these errors although I do have the boolean to allow NFS home directories set:

freddi$ getsebool use_nfs_home_dirs
use_nfs_home_dirs --> on

freddi$ rpm -q selinux-policy selinux-policy-targeted
selinux-policy-3.0.8-93.fc8
selinux-policy-targeted-3.0.8-93.fc8
Comment 1 Daniel Walsh 2008-03-17 09:13:51 EDT
Any idea why the systembus would be looking in your home directories? 

You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Will be dontaudited in selinux-policy-3.0.8-94.fc8
Comment 2 Göran Uddeborg 2008-03-17 10:57:32 EDT
In order to answer your question, I have investigated this a bit further.  It
turns out the systembus isn't actually looking in the home directories, it's
looking at /usr/local.  Which I also have NFS mounted on this host.  So while
nothing I wrote in comment 0 is incorrect, it is misleading.

I still don't know why the systembus looks at /usr/local, but it seems to be a
reasonable thing for it to do.  So maybe it makes more sense for me to allow
this locally, rather than for the default policy to hide it.  I guess
NFS-mounted /usr/local isn't something that is expected by the default policy.

Sorry for the noise.
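
The workaround in comment 1 feeds the whole of /var/log/audit/audit.log to audit2allow, so the resulting module allows every denial logged there, not only the dbus-daemon one. The following is an added example, not part of the original bug report and not audit2allow's own code: a simplified parser that turns AVC denials into the allow rules a local module would contain, so they can be reviewed and narrowed to one command before loading. The second log line, `exampled` and `example_t` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the denial from the description joined onto one line, plus
# one unrelated, made-up denial to show what a whole-log run would also pick up.
SAMPLE_LOG = """\
Mar 15 23:01:59 freddi kernel: audit(1205618519.328:7): avc:  denied  { search } for  pid=2500 comm="dbus-daemon" name="" dev=0:15 ino=5963786 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
Mar 15 23:02:10 freddi kernel: audit(1205618530.101:8): avc:  denied  { read write } for  pid=2611 comm="exampled" name="state" dev=dm-0 ino=1234 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

# Only records that carry a comm= field are matched (true of the one in this bug).
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_to_rules(log_text, comm=None):
    """Group denials into allow rules; optionally keep only one command's denials."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or (comm and m.group("comm") != comm):
            continue
        key = (selinux_type(m.group("scon")), selinux_type(m.group("tcon")),
               m.group("tclass"))
        grouped[key].update(m.group("perms").split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    print("whole log:", *denials_to_rules(SAMPLE_LOG), sep="\n  ")
    print("dbus-daemon only:", *denials_to_rules(SAMPLE_LOG, comm="dbus-daemon"), sep="\n  ")
```

Filtering on the command name leaves a single rule for system_dbusd_t searching nfs_t directories, which is the access discussed in comments 1 and 2.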
