468419 – avc denied dbus-daemon search xdm_tmp_t

Bug 468419 - avc denied dbus-daemon search xdm_tmp_t

Summary: avc denied dbus-daemon search xdm_tmp_t

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kdebase
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Than Ngo
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-10-24 17:05 UTC by Orion Poplawski
Modified:	2008-10-29 17:54 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-10-29 17:54:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Orion Poplawski 2008-10-24 17:05:59 UTC

Description of problem:

Latest rawhide, running kdm, these appear about when kdm starts:

Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:4): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir
Oct 24 09:49:19 test kernel: type=1400 audit(1224863359.400:5): avc:  denied  { search } for  pid=2189 comm="dbus-daemon" name="1981980055" dev=tmpfs ino=8975 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-5.fc10.noarch


# ps -fe | grep dbus
dbus      1663     1  0 09:49 ?        00:00:00 dbus-daemon --system
root      2190     1  0 09:49 ?        00:00:00 dbus-launch --autolaunch ecd0c85db05b6c4cfb26d3cb4900b86a --binary-syntax --close-stderr
root      2191     1  0 09:49 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
orion     2258     1  0 09:49 ?        00:00:00 dbus-launch --sh-syntax --exit-with-session
orion     2260     1  0 09:49 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 6 --print-address 8 --session
root      3982     1  0 10:15 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
root      4158     1  0 10:15 ?        00:00:00 dbus-launch --autolaunch ecd0c85db05b6c4cfb26d3cb4900b86a --binary-syntax --close-stderr
root      4159     1  0 10:15 ?        00:00:00 /bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session

Comment 1 Daniel Walsh 2008-10-29 17:35:01 UTC

Strange.  This looks like dbus might be started while the current working directory is in /tmp/kde?

Or something like that.

Do you notice any failures?

I have no idea why dbus would want to search this directory unless it was where dbus was started from.

Reassigning to kdebase, dbus should not be stated from the tmp directory, if it is not please reassign back along with a suggestion of what is going on here.  :^)

Comment 2 Orion Poplawski 2008-10-29 17:54:53 UTC

I'm no longer seeing this with:

selinux-policy-3.5.13-8.fc10.noarch
kdebase-4.1.2-5.fc10.x86_64
kdebase-workspace-4.1.2-7.fc10.x86_64

Note You need to log in before you can comment on or make changes to this bug.