Bug 491866 - SELinux causes f-spot DBus access denial
SELinux causes f-spot DBus access denial
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2009-03-24 09:49 EDT by Michel Alexandre Salim
Modified: 2009-05-01 13:56 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-05-01 13:56:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Michel Alexandre Salim 2009-03-24 09:49:32 EDT
Description of problem:
When running SELinux on Rawhide, SELinux policy prevents ndesk-dbus from owning org.gnome.FSpot

Version-Release number of selected component (if applicable):

(Same on i586)

How reproducible:

Steps to Reproduce:
1. yum install f-spot
2. f-spot --debug
Actual results:
$ f-spot --debug
** Running f-spot in Debug Mode **
** Running Mono with --debug   **
[Info  09:44:05.052] Initializing DBus
[Debug 09:44:05.193] DBusInitialization took 0.131913s
[Info  09:44:05.193] Initializing Mono.Addins
[Debug 09:44:05.429] Mono.Addins Initialization took 0.236513s
[Info  09:44:05.436] Starting new FSpot server
System.Exception: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.98" is not allowed to own the service "org.gnome.FSpot" due to SELinux policy
  at IBusProxy.RequestName (System.String flags, NameFlag ) [0x00000] 
  at NDesk.DBus.Bus.RequestName (System.String name, NameFlag flags) [0x00000] in /builddir/build/BUILD/ndesk-dbus-0.6.1a/src/Bus.cs:128 
  at FSpot.Core.RegisterServer () [0x00000] 
  at FSpot.Driver.Main (System.String[] args) [0x00000] 
[Warn  09:44:05.516] Can't get a connection to the dbus. Trying again...
[Info  09:44:05.516] Starting new FSpot server
[Warn  09:44:05.516] Can't get a connection to the dbus. Trying again...
[Info  09:44:05.517] Starting new FSpot server
[Warn  09:44:05.517] Can't get a connection to the dbus. Trying again...
[Info  09:44:05.518] Starting new FSpot server
[Warn  09:44:05.519] Can't get a connection to the dbus. Trying again...
[Info  09:44:05.519] Starting new FSpot server
[Warn  09:44:05.520] Can't get a connection to the dbus. Trying again...
[Info  09:44:05.521] Starting new FSpot server
[Warn  09:44:05.521] Can't get a connection to the dbus. Trying again...
[Error 09:44:05.521] Sorry, couldn't start F-Spot

Expected results:
f-spot should work normally (it still works using setenforce 0)

Additional info:
Comment 1 Daniel Walsh 2009-03-24 10:33:05 EDT
Fixed in selinux-policy-3.6.10-1.fc11.noarch
Comment 2 Michel Alexandre Salim 2009-03-24 13:26:12 EDT
I pulled selinux-policy and selinux-policy-targeted 3.6.10-1 from Koji and the problem is still occuring.

Tried with the latest kernels pushed to Rawhide:
Comment 3 Daniel Walsh 2009-03-24 15:29:50 EDT
Do you see any avc messages in /var/log/audit/audit.log or /var/log/messages

We had a similar bugzilla earlier and I though I had fixed it.
Comment 4 Jean-François Martin 2009-04-06 10:09:07 EDT
I have the same problem.

The message reported in /var/log/messages :

Apr  6 16:05:35 jin dbus: avc:  denied  { acquire_svc } for service=org.gnome.FSpot spid=6449 scontext=unconfined_u:unconfined_r:unconfined_mono_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dbus
Comment 5 Daniel Walsh 2009-05-01 13:56:33 EDT
Fixed in selinux-policy-3.6.12-27.fc11.noarch

Note You need to log in before you can comment on or make changes to this bug.