Bug 470850 - SELinux is preventing dbus-daemon (xdm_dbusd_t) "execute" to ./gconfd-2 (gconfd_exec_t).
SELinux is preventing dbus-daemon (xdm_dbusd_t) "execute" to ./gconfd-2 (gcon...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
10
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-10 11:33 EST by Matěj Cepl
Modified: 2018-04-11 04:13 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-06 03:15:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matěj Cepl 2008-11-10 11:33:23 EST
Souhrn:

SELinux is preventing dbus-daemon (xdm_dbusd_t) "execute" to ./gconfd-2
(gconfd_exec_t).

Podrobný popis:

SELinux denied access requested by dbus-daemon. It is not expected that this
access is required by dbus-daemon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Povolení přístupu:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./gconfd-2,

restorecon -v './gconfd-2'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Další informace:

Kontext zdroje                system_u:system_r:xdm_dbusd_t:SystemLow-SystemHigh
Kontext cíle                 system_u:object_r:gconfd_exec_t
Objekty cíle                 ./gconfd-2 [ file ]
Zdroj                         dbus-daemon
Cesta zdroje                  /bin/dbus-daemon
Port                          <Neznámé>
Počítač                    hubmaier.ceplovi.cz
RPM balíčky zdroje          dbus-1.2.4-1.fc10
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.5.13-11.fc10
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Enforcing
Název zásuvného modulu     catchall_file
Název počítače            hubmaier.ceplovi.cz
Platforma                     Linux hubmaier.ceplovi.cz 2.6.27.4-79.fc10.x86_64
                              #1 SMP Tue Nov 4 21:23:33 EST 2008 x86_64 x86_64
Počet upozornění           195
Poprvé viděno               Po 10. listopad 2008, 16:25:18 CET
Naposledy viděno             Po 10. listopad 2008, 16:33:02 CET
Místní ID                   cc52a93e-c0fc-40fe-9899-b4efcaf0748a
Čísla řádků              

Původní zprávy auditu      

node=hubmaier.ceplovi.cz type=AVC msg=audit(1226331182.577:117): avc:  denied  { execute } for  pid=3149 comm="dbus-daemon" name="gconfd-2" dev=dm-1 ino=1062941 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconfd_exec_t:s0 tclass=file

node=hubmaier.ceplovi.cz type=SYSCALL msg=audit(1226331182.577:117): arch=c000003e syscall=59 success=no exit=-13 a0=7f7ca4805190 a1=7f7ca480cc20 a2=7f7ca480b3d0 a3=7fffac296150 items=0 ppid=3148 pid=3149 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2008-11-12 17:09:25 EST
This should not be a blocker unless it actually blocks something like login?
Comment 2 Matěj Cepl 2008-11-12 21:28:14 EST
(In reply to comment #1)
> This should not be a blocker unless it actually blocks something like login?

Yeah, I don't see any particular problem jumping up.
Comment 3 Daniel Walsh 2008-11-13 14:17:17 EST
Have you tried to change languages?
Comment 4 Matěj Cepl 2008-11-14 11:57:26 EST
(In reply to comment #3)
> Have you tried to change languages?

Sorry, don't understand. You mean like whether I have switched from English to Czech or something? My default locale is cs_CZ.utf-8, and yes I am switching keyboard to US from time to time when using kvm (vnc in kvm has unholy tendency to lock up with Czech keyboard).
Comment 5 Daniel Walsh 2008-11-14 15:19:58 EST
Yes I am just guessing that somehow gdm is talking to dbus which is calling into gconf when changing language.
Comment 6 Bug Zapper 2008-11-26 00:08:10 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Daniel Walsh 2008-12-01 15:52:46 EST
Fixed in selinux-policy-3.5.13-27.fc10
Comment 8 Matěj Cepl 2009-01-27 16:41:56 EST
Havn't seen this for ages.

Note You need to log in before you can comment on or make changes to this bug.