Bug 488680 - SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" kerneloops_exec_t
SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" kerneloops_e...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-05 02:11 EST by Allen Kistler
Modified: 2009-03-05 09:19 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-05 09:19:50 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Allen Kistler 2009-03-05 02:11:33 EST
Description of problem:
SELinux is keeping kerneloops from reporting a kernel oops that occurs during boot.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.7-1.fc11
(also dbus-1.2.4-4permissive-4.fc11 and kerneloops-0.12-3.fc11)

How reproducible:
Always

Steps to Reproduce:
1. boot
2. read the setroubleshoot browser pop-up (or the audit log directly)
  
Actual results:
AVC denial (see below)

Expected results:
No AVC denial

Additional info:
The audit log entry follows.  Note that "dbus-deamon-lau" is probably
dbus-daemon-launch-helper.

node=vtest type=AVC msg=audit(1236230578.12:13): avc: denied { execute } for pid=2519 comm="dbus-daemon-lau" name="kerneloops" dev=dm-0 ino=85586 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:kerneloops_exec_t:s0 tclass=file
Comment 1 Allen Kistler 2009-03-05 02:37:30 EST
I set enforcement to permissive, and I get a few more logs (but different) along the same lines (i.e., a kerneloops theme).

node=vtest type=AVC msg=audit(1236237802.426:48): avc: denied { syslog_read } for pid=3366 comm="kerneloops" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system

node=vtest type=AVC msg=audit(1236237839.976:50): avc: denied { name_connect } for pid=3366 comm="kerneloops" dest=80 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket

node=vtest type=AVC msg=audit(1236237839.566:49): avc: denied { sys_nice } for pid=3366 comm="kerneloops" capability=23 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=capability

node=vtest type=AVC msg=audit(1236237839.566:49): avc: denied { setsched } for pid=3366 comm="kerneloops" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=process
Comment 2 Daniel Walsh 2009-03-05 09:19:50 EST
Fixed in selinux-policy-3.6.7-2.fc11

Note You need to log in before you can comment on or make changes to this bug.