491025 – SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" to ./console-kit-daemon

Bug 491025 - SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" to ./console-kit-daemon

Summary: SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" to ./console...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	10
Hardware:	i686
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-03-18 23:12 UTC by linuxlambe
Modified:	2009-03-19 13:05 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-03-19 13:05:58 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description linuxlambe 2009-03-18 23:12:27 UTC

Description of problem:
SELinux is preventing dbus-daemon-lau (system_dbusd_t) "execute" to ./console-kit-daemon (consolekit_exec_t). 

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
SELinux denied access requested by dbus-daemon-lau. It is not expected that this access is required by dbus-daemon-lau and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Expected results:


Additional info:Source Context:  system_u:system_r:system_dbusd_t:s0-s0:c0.c1023Target Context:  system_u:object_r:consolekit_exec_t:s0Target Objects:  ./console-kit-daemon [ file ]Source:  dbus-daemon-lauSource Path:  /lib/dbus-1/dbus-daemon-launch-helperPort:  <Unknown>Host:  localhost.localdomainSource RPM Packages:  dbus-1.1.2-9.fc8Target RPM Packages:  Policy RPM:  selinux-policy-3.0.8-127.fc8Selinux Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchall_fileHost Name:  localhost.localdomainPlatform:  Linux localhost.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686
Alert Count:  62First Seen:  Wed 18 Mar 2009 06:11:32 AM CDTLast Seen:  Wed 18 Mar 2009 05:50:22 PM CDTLocal ID:  ecb3fbaa-b001-4b8f-bcfc-0665b9704a76Line Numbers:  Raw Audit Messages :node=localhost.localdomain type=AVC msg=audit(1237416622.438:61): avc: denied { execute } for pid=2893 comm="dbus-daemon-lau" name="console-kit-daemon" dev=dm-0 ino=4471673 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1237416622.438:61): arch=40000003 syscall=11 success=no exit=-13 a0=8867e48 a1=8867dc8 a2=8867008 a3=2d09bc items=0 ppid=2892 pid=2893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

Comment 1 Miroslav Grepl 2009-03-19 11:29:26 UTC

It looks like you should upgrade your packages. Fedora 8 is EOL and f8 packages are unsupported.

Note You need to log in before you can comment on or make changes to this bug.