Description of problem:

* Sun Apr 27 2008 Dan Williams <dcbw> - 1:0.7.0-0.6.7.svn3614
- Replace dispatcher daemon with D-Bus activated callout

This is going to need some SELinux support to work.

In permissive:

Apr 28 14:27:18 eule kernel: audit(1209414438.367:4): avc: denied { setpgid } for pid=2479 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=process
Apr 28 14:27:18 eule kernel: audit(1209414438.383:5): avc: denied { execute } for pid=2479 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Apr 28 14:27:18 eule nm-dispatcher.action: Could not run script '/etc/NetworkManager/dispatcher.d/cora': (3) Failed to execute child process "/etc/NetworkManager/dispatcher.d/cora" (Permission denied)

In enforcing I get:

Apr 28 14:31:28 eule kernel: audit(1209414688.146:3): avc: denied { setpgid } for pid=2489 comm="nm-dispatcher.a" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=process
Apr 28 14:31:28 eule kernel: audit(1209414688.170:4): avc: denied { execute } for pid=2489 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.170:5): avc: denied { read } for pid=2489 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.173:6): avc: denied { getattr } for pid=2489 comm="cora" path="/etc/rc.d/init.d/ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.173:7): avc: denied { execute } for pid=2489 comm="cora" name="ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.193:8): avc: denied { execute } for pid=2492 comm="service" name="consoletype" dev=sda5 ino=1081407 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.193:9): avc: denied { read } for pid=2492 comm="service" name="consoletype" dev=sda5 ino=1081407 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.193:10): avc: denied { execute_no_trans } for pid=2492 comm="service" path="/sbin/consoletype" dev=sda5 ino=1081407 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.193:11): avc: denied { getattr } for pid=2492 comm="consoletype" path="pipe:[10018]" dev=pipefs ino=10018 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=fifo_file
Apr 28 14:31:28 eule kernel: audit(1209414688.250:12): avc: denied { read } for pid=2497 comm="env" name="ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.250:13): avc: denied { execute_no_trans } for pid=2497 comm="env" path="/etc/rc.d/init.d/ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.253:14): avc: denied { ioctl } for pid=2497 comm="ypbind" path="/etc/rc.d/init.d/ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.279:15): avc: denied { search } for pid=2503 comm="pidof" name="1" dev=proc ino=267 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
Apr 28 14:31:28 eule kernel: audit(1209414688.280:16): avc: denied { read } for pid=2503 comm="pidof" name="stat" dev=proc ino=1651 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.280:17): avc: denied { getattr } for pid=2503 comm="pidof" path="/proc/1/stat" dev=proc ino=1651 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.280:18): avc: denied { read } for pid=2503 comm="pidof" name="exe" dev=proc ino=1653 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=lnk_file
Apr 28 14:31:28 eule kernel: audit(1209414688.280:19): avc: denied { ptrace } for pid=2503 comm="pidof" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process

the pidof repeat for all processes...

Apr 28 14:31:28 eule kernel: audit(1209414688.345:181): avc: denied { getattr } for pid=2524 comm="ypbind" path="/bin/hostname" dev=sda5 ino=1114322 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.345:182): avc: denied { execute } for pid=2524 comm="ypbind" name="hostname" dev=sda5 ino=1114322 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.345:183): avc: denied { read } for pid=2524 comm="ypbind" name="hostname" dev=sda5 ino=1114322 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.345:184): avc: denied { execute_no_trans } for pid=2524 comm="ypbind" path="/bin/hostname" dev=sda5 ino=1114322 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.410:185): avc: denied { getattr } for pid=2513 comm="ypbind" path="/etc/selinux/targeted/modules/active/booleans.local" dev=sda5 ino=1280183 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.410:186): avc: denied { read } for pid=2513 comm="ypbind" name="booleans.local" dev=sda5 ino=1280183 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:semanage_store_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.694:187): avc: denied { ioctl } for pid=2528 comm="dhcpdomain" path="pipe:[10101]" dev=pipefs ino=10101 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=fifo_file
Apr 28 14:31:28 eule kernel: audit(1209414688.716:188): avc: denied { execute } for pid=2533 comm="dhcpdomain" name="ifconfig" dev=sda5 ino=1081362 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.716:189): avc: denied { read } for pid=2533 comm="dhcpdomain" name="ifconfig" dev=sda5 ino=1081362 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file

and lots more....

Version-Release number of selected component (if applicable):
NetworkManager-0.7.0-0.6.7.svn3614.fc8

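Added example, not part of the original report and not audit2allow's implementation: a small Python summarizer that groups the AVC denials quoted above by source type, target type and object class. The function names are hypothetical; the sample lines are copied from the report with the terminal wrap removed, plus one line left wrapped to show that damaged records are skipped rather than guessed at.

```python
import re
from collections import defaultdict

# Lines copied from the report above (80-column wrap removed). The first AVC
# line is deliberately left wrapped, as pasted, to exercise the skip path.
SAMPLE = """\
Apr 28 14:27:18 eule nm-dispatcher.action: Could not run script '/etc/NetworkManager/dispatcher.d/cora': (3) Failed to execute child process "/etc/NetworkManager/dispatcher.d/cora" (Permission denied)
Apr 28 14:27:18 eule kernel: audit(1209414438.383:5): avc: denied { execute } for pid=2479 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=s ystem_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tc lass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.170:4): avc: denied { execute } for pid=2489 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.170:5): avc: denied { read } for pid=2489 comm="nm-dispatcher.a" name="bash" dev=sda5 ino=1114143 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.193:10): avc: denied { execute_no_trans } for pid=2492 comm="service" path="/sbin/consoletype" dev=sda5 ino=1081407 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.250:13): avc: denied { execute_no_trans } for pid=2497 comm="env" path="/etc/rc.d/init.d/ypbind" dev=sda5 ino=1279231 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:initrc_exec_t:s0 tclass=file
Apr 28 14:31:28 eule kernel: audit(1209414688.280:19): avc: denied { ptrace } for pid=2503 comm="pidof" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return (source type, target type, class, perms), or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    try:
        # A context is user:role:type[:level]; policy rules name the type.
        return (f["scontext"].split(":")[2], f["tcontext"].split(":")[2],
                f["tclass"], m.group(1).split())
    except (KeyError, IndexError):
        return None  # truncated or line-wrapped record: skip, do not guess


def summarize(text):
    """Group denials as {(source type, target type, class): set(perms)}."""
    rules = defaultdict(set)
    for rec in filter(None, map(parse_avc, text.splitlines())):
        rules[rec[:3]].update(rec[3])
    return dict(rules)


def untransitioned_execs(rules):
    """Target types hit by execute_no_trans (run in the caller's domain)."""
    return sorted({t for (_s, t, _c), perms in rules.items()
                   if "execute_no_trans" in perms})


for (s, t, c), perms in sorted(summarize(SAMPLE).items()):
    print(f"{s} -> {t}:{c} {{ {' '.join(sorted(perms))} }}")
```

Every source type in the summary is system_dbusd_t, and the execute_no_trans entries mark helpers that were executed inside that domain instead of transitioning to one of their own.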
Sorry, swapped permissive and enforcing above...

Some new issues (in addition to above) with 3669:

May 19 11:40:47 cynosure nm-system-settings: polkit_error_get_error_message: assertion `error != NULL' failed
May 19 11:40:47 cynosure nm-system-settings: Cannot initialize libpolkit: (null)
May 19 11:40:47 cynosure nm-system-settings: polkit_error_free: assertion `error != NULL' failed
May 19 11:40:47 cynosure kernel: audit(1211218847.066:4): avc: denied { read } for pid=2372 comm="nm-system-setti" name="PolicyKit" dev=sda7 ino=63851 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hald_var_lib_t:s0 tclass=dir
May 19 11:41:05 cynosure kernel: audit(1211218865.444:5): avc: denied { create } for pid=2455 comm="hal-acl-tool" scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:system_r:hald_acl_t:s0 tclass=unix_dgram_socket

selinux-policy-3.0.8-109.fc8 looks good now. Only denial I see (and no idea if this is causing any trouble) is:

type=1400 audit(1212424838.730:4): avc: denied { read } for pid=2564 comm="nm-system-setti" name="PolicyKit.reload" dev=sda7 ino=63931 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=file

which may be related to using PolicyKit-0.7-4.fc8.hughsie from the "utopia" repo:

[utopia]
name=Utopia experimental for FC $releasever ($basearch)
baseurl=http://people.freedesktop.org/~hughsient/fedora/$releasever/$basearch/
enabled=1
gpgcheck=0

*** This bug has been marked as a duplicate of 446969 ***