The following was filed automatically by setroubleshoot: Summary: SELinux is preventing /lib64/dbus-1/dbus-daemon-launch-helper from executing system-config-firewall-mechanism.py. Detailed Description: SELinux has denied the dbus-daemon-lau from executing system-config-firewall-mechanism.py. If dbus-daemon-lau is supposed to be able to execute system-config-firewall-mechanism.py, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this dbus-daemon-lau is not supposed to execute system-config-firewall-mechanism.py, this could signal an intrusion attempt. Allowing Access: If you want to allow dbus-daemon-lau to execute system-config-firewall-mechanism.py: chcon -t bin_t 'system-config-firewall-mechanism.py' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t 'system-config-firewall-mechanism.py' Please specify the full path to the executable, Please file a bug report to make sure this becomes the default labeling. Additional Information: Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 Target Context system_u:object_r:usr_t:s0 Target Objects system-config-firewall-mechanism.py [ file ] Source dbus-daemon-lau Source Path /lib64/dbus-1/dbus-daemon-launch-helper Port <Unknown> Host (removed) Source RPM Packages dbus-1.2.16-5.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.31-3.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name execute Host Name (removed) Platform Linux (removed) 2.6.31-2.fc12.x86_64 #1 SMP Thu Sep 10 00:25:40 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Sun 13 Sep 2009 07:52:08 PM IST Last Seen Sun 13 Sep 2009 07:53:03 PM IST Local ID 63605ca1-a376-48af-baf2-46c10e4c78d3 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1252851783.896:36): avc: denied { execute } for pid=3088 comm="dbus-daemon-lau" name="system-config-firewall-mechanism.py" dev=sda5 ino=359 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1252851783.896:36): arch=c000003e syscall=59 success=no exit=-13 a0=1f7f9f0 a1=1f7f8f0 a2=1f7e010 a3=7fff73c1df70 items=0 ppid=3087 pid=3088 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon-lau" exe="/lib64/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= system_dbusd_t ============== allow system_dbusd_t usr_t:file execute;
When trying to configure firewall, A blank system-config-firewall window pops up and terminates after selinux alert. Not able to view/change firewall settings.
*** Bug 523088 has been marked as a duplicate of this bug. ***
Reassiginig to selinux-policy. A new policy will be added for the dbus firewall backend. As an interim solution set the type of the dbus backend context with "chcon -t bin_t /usr/share/system-config-firewall/system-config-firewall-mechanism.py"
Fixed in selinux-policy-3.6.31-4.fc12.noarch
*** Bug 524157 has been marked as a duplicate of this bug. ***
Not working with selinux-policy-3.6.32-7.fc12.noarch
Floki, please explain. What errors are you seeing?
I saw sealert after updating to selinux-policy-3.6.32-7.fc12.noarch when starting s-c-f from menu. starting system-config-firewall from menu works after using command in comment #3 (which has nasty line break) or after from SELinux Management using "Relable on next reboot". Then system-config-firewall-mechanism.py has firewallgui_exec_t in SELinux Context. PS. I use f12 live snap 2 updated. Then SELinux Management was missing from menu, I thing it should be installed by defult.
You relabelled and the system-config-firewall worked, indicating you had a labelling problem. Open a bugzilla with live snap to add SELinux Management to their default install. I am going to close this bugzilla since it seems that if you have proper labeling everything is working.