Bug 510653 - dbus-daemon-launch-helper blocked
dbus-daemon-launch-helper blocked
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-10 00:17 EDT by David Highley
Modified: 2009-07-10 10:23 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-10 10:23:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Highley 2009-07-10 00:17:49 EDT
Description of problem:
I'm not sure what caused this issue

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-53.fc11.noarch

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
time->Mon Jun 29 23:32:06 2009
type=SYSCALL msg=audit(1246343526.658:9): arch=c000003e syscall=42 success=no exit=-13 a0=3 a1=7fff7cd6ac90 a2=10 a3=98 items=0 ppid=2377 pid=2378 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1246343526.658:9): avc:  denied  { name_connect } for  pid=2378 comm="dbus-daemon-lau" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
Comment 1 Daniel Walsh 2009-07-10 08:17:54 EDT
Is this an ypbind service?

Do you have the allow_ypbind boolean turned on ?

setsebool -P allow_ypbind=1
Comment 2 David Highley 2009-07-10 09:37:22 EDT
Yes, this bool is set, but at what point in the system installation process it was set we can not tell you. We enabled nis in the installation process so this would be a good place for this bool to be set. We are going to migrate to ldap as nis is not being accounted for in new development and issues keep cropping up.
Comment 3 Daniel Walsh 2009-07-10 10:23:27 EDT
Well you should not see this any longer, I would write this down as a race condition.  But make sure it is permanently set by executing the above command

Note You need to log in before you can comment on or make changes to this bug.