Bug 459888 - SELinux is preventing dhcdbd (dhcpc_t) "read" to /etc/dbus-1/system.d (dbusd_etc_t)
SELinux is preventing dhcdbd (dhcpc_t) "read" to /etc/dbus-1/system.d (dbusd_...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
5.2
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-23 15:31 EDT by Ben Levenson
Modified: 2014-01-24 08:51 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 16:32:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ben Levenson 2008-08-23 15:31:18 EDT
Description of problem:

Summary: SELinux is preventing dhcdbd (dhcpc_t) "read" to /etc/dbus-1/system.d
(dbusd_etc_t).

Detailed Description:

SELinux denied access requested by dhcdbd. It is not expected that this access
is required by dhcdbd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /etc/dbus-1/system.d,

restorecon -v '/etc/dbus-1/system.d'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:dhcpc_t
Target Context                system_u:object_r:dbusd_etc_t
Target Objects                /etc/dbus-1/system.d [ dir ]
Source                        dhcdbd
Source Path                   /sbin/dhcdbd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           dhcdbd-2.2-1.el5
Target RPM Packages           dbus-1.0.0-7.el5
Policy RPM                    selinux-policy-2.4.6-137.1.el5_2
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.18-92.1.10.el5 #1
                              SMP Wed Jul 23 03:56:11 EDT 2008 x86_64 x86_64
Alert Count                   6
First Seen                    Fri 22 Aug 2008 11:04:20 AM EDT
Last Seen                     Sat 23 Aug 2008 03:10:05 PM EDT
Local ID                      ac0244b5-6de6-457a-9f8f-7fae40e52a9f
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1219518605.165:232): avc:  denied  { read } for  pid=14286 comm="dhcdbd" path="/etc/dbus-1/system.d" dev=hda6 ino=2091393 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1219518605.165:232): arch=c000003e syscall=59 success=yes exit=0 a0=da9910 a1=d8edf0 a2=d9b670 a3=6266373939333838 items=0 ppid=14285 pid=14286 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dhcdbd" exe="/sbin/dhcdbd" subj=system_u:system_r:dhcpc_t:s0 key=(null)



Additional info:
"restorecon -v '/etc/dbus-1/system.d'" does not fix this -- the context is the same before and after.
Comment 1 Daniel Walsh 2008-08-29 14:00:29 EDT
Fixed in selinux-policy-2.4.6-149.el5

Preview available on http://people.redhat.com/dwalsh/SELinux/RHEL5
Comment 2 RHEL Product and Program Management 2008-08-29 14:10:12 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 7 errata-xmlrpc 2009-01-20 16:32:21 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0163.html

Note You need to log in before you can comment on or make changes to this bug.