Bug 544787 - 'system-config-firewall' : firewallgui_t unconfined_t:dbus send_msg;
Summary: 'system-config-firewall' : firewallgui_t unconfined_t:dbus send_msg;
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
urgent
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 545680 546698 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-06 14:55 UTC by Patrick
Modified: 2009-12-16 01:06 UTC (History)
6 users (show)

Fixed In Version: 3.6.32-56.fc12
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-16 01:06:58 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Patrick 2009-12-06 14:55:04 UTC
Description of problem:
When starting 'system-configfirewall' the gui hangs about 30 seconds before requesting root authentication. After given this the gui freezes completely and must be killed.

Version-Release number of selected component (if applicable):
Name       : selinux-policy
Arch       : noarch
Version    : 3.6.32
Release    : 55.fc12
Size       : 6.4 M
Repo       : installed
From repo  : updates-testing

How reproducible:
Always

Steps to Reproduce:
1. call system-config-firewall
2. wait until it asks for root password
3. type in root passwort
  
Actual results:
1. freeze for about 30 seconds until one is asked for password
2. complete freeze after authentication

Expected results:
1. No freezes

Additional info:
Obviously this issue is related to changes introduced into selinux-policy because of bug 544343.

'audit2allow -i /var/log/audit/audit.log' says:

#============= firewallgui_t ==============
allow firewallgui_t unconfined_t:dbus send_msg;

#============= fprintd_t ==============
allow fprintd_t policykit_auth_t:dbus send_msg;
allow fprintd_t unconfined_t:dbus send_msg;

#============= policykit_auth_t ==============
allow policykit_auth_t fprintd_t:dbus send_msg;


Calling the following commands fixed it for me:
# audit2allow -M firewalls -l -i /var/log/audit/audit.log
# semodule -i firewalls.pp

Comment 1 Daniel Walsh 2009-12-06 15:21:14 UTC
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.32-56.fc12.noarch

Comment 2 Fedora Update System 2009-12-07 22:54:41 UTC
selinux-policy-3.6.32-56.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-56.fc12

Comment 3 Fedora Update System 2009-12-10 04:20:08 UTC
selinux-policy-3.6.32-56.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12990

Comment 4 Michael Cronenworth 2009-12-14 06:35:52 UTC
*** Bug 546698 has been marked as a duplicate of this bug. ***

Comment 5 Michael Cronenworth 2009-12-14 06:36:10 UTC
*** Bug 545680 has been marked as a duplicate of this bug. ***

Comment 6 Miroslav Vadkerti 2009-12-14 10:56:01 UTC
VERIFIED as fixed in selinux-policy-3.6.32-58.fc12.noarch

Comment 7 Fedora Update System 2009-12-16 01:05:37 UTC
selinux-policy-3.6.32-56.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.