Bug 510653 - dbus-daemon-launch-helper blocked
Summary: dbus-daemon-launch-helper blocked
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-07-10 04:17 UTC by David Highley
Modified: 2009-07-10 14:23 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-10 14:23:27 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description David Highley 2009-07-10 04:17:49 UTC
Description of problem:
I'm not sure what caused this issue

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-53.fc11.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
time->Mon Jun 29 23:32:06 2009
type=SYSCALL msg=audit(1246343526.658:9): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7fff7cd6ac90 a2=10 a3=98 items=0 ppid=2377 pid=2378 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1246343526.658:9): avc:  denied  { name_connect } for  pid=2378 comm="dbus-daemon-lau" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket

Comment 1 Daniel Walsh 2009-07-10 12:17:54 UTC
Is this an ypbind service?

Do you have the allow_ypbind boolean turned on ?

setsebool -P allow_ypbind=1

Comment 2 David Highley 2009-07-10 13:37:22 UTC
Yes, this bool is set, but at what point in the system installation process it was set we can not tell you. We enabled nis in the installation process so this would be a good place for this bool to be set. We are going to migrate to ldap as nis is not being accounted for in new development and issues keep cropping up.

Comment 3 Daniel Walsh 2009-07-10 14:23:27 UTC
Well you should not see this any longer, I would write this down as a race condition.  But make sure it is permanently set by executing the above command


Note You need to log in before you can comment on or make changes to this bug.