Summary: SELinux is preventing /usr/bin/python "read" access on /var/run/abrt.pid. Detailed Description: SELinux denied access requested by system-config-s. It is not expected that this access is required by system-config-s and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:sambagui_t:s0-s0:c0.c1023 Target Context system_u:object_r:abrt_var_run_t:s0 Target Objects /var/run/abrt.pid [ file ] Source system-config-s Source Path /usr/bin/python Port <Unknown> Host (removed) Source RPM Packages python-2.6.2-2.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-56.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.6-166.fc12.x86_64 #1 SMP Wed Dec 9 10:46:22 EST 2009 x86_64 x86_64 Alert Count 1 First Seen Mon 14 Dec 2009 06:34:39 PM GMT Last Seen Mon 14 Dec 2009 06:34:39 PM GMT Local ID d4520544-d0ed-42da-9830-8a46e98ea0a5 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1260815679.187:27566): avc: denied { read } for pid=2203 comm="system-config-s" name="abrt.pid" dev=sda2 ino=4491 scontext=system_u:system_r:sambagui_t:s0-s0:c0.c1023 tcontext=system_u:object_r:abrt_var_run_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1260815679.187:27566): arch=c000003e syscall=2 success=no exit=-13 a0=1c54950 a1=0 a2=1b6 a3=0 items=0 ppid=2202 pid=2203 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-s" exe="/usr/bin/python" subj=system_u:system_r:sambagui_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-56.fc12,catchall,system-config-s,sambagui_t,abrt_var_run_t,file,read audit2allow suggests: #============= sambagui_t ============== allow sambagui_t abrt_var_run_t:file read;
This was ok. There was only problen with adding samba user. floki@flokipa ~]$ /usr/bin/system-config-samba ERROR:dbus.proxies:Introspect error on :1.81:/org/fedoraproject/Config/Samba/Backend: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. ------------- window for root password and then --------------- Traceback (most recent call last): File "/usr/bin/system-config-samba", line 53, in <module> mainWindow.MainWindow (debug_flag = debug_flag, use_dbus = use_dbus) File "/usr/share/system-config-samba/mainWindow.py", line 97, in __init__ self.samba_data = sambaConfig.SambaConfig (self.samba_backend) File "/usr/lib/python2.6/site-packages/scsamba/core/sambaConfig.py", line 29, in __init__ self.parseFile () File "/usr/lib/python2.6/site-packages/scsamba/core/sambaConfig.py", line 32, in parseFile return self.parse (self.backend.readSmbConf ()) File "/usr/lib/python2.6/site-packages/scsamba/dbus/proxy/sambaBackend.py", line 48, in readSmbConf return self.dbus_interface.readSmbConf () File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 68, in __call__ return self._proxy_method(*args, **keywords) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in __call__ **keywords) File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. [floki@flokipa ~]$
It appears I have a similar problem with system-config-samba not opening as a standard user, even after authenticating.
Fixed in selinux-policy-3.6.32-59.fc12.noarch
selinux-policy-3.6.32-59.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-59.fc12
selinux-policy-3.6.32-59.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13384
Now system-config-samba starts. Using selinux-policy-3.6.32-59.fc12.noarch but when adding sambauser then [floki@flokipa ~]$ system-config-samba Traceback (most recent call last): File "/usr/share/system-config-samba/addUserWin.py", line 174, in on_add_user_ok_button_clicked elif self.samba_backend.userExists(unix_name): File "/usr/lib/python2.6/site-packages/scsamba/dbus/proxy/sambaBackend.py", line 88, in userExists return self.dbus_interface.userExists (user) File "/usr/lib/python2.6/site-packages/dbus/proxies.py", line 140, in __call__ **keywords) File "/usr/lib/python2.6/site-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. [floki@flokipa ~]$
There is same reply when selinux is in permisive mode. running system-config-samba root then it is possible to add samba user. No sealert.
Created attachment 379533 [details] selinux-policy-3.6.32-59.fc12 - sealert There is sealet for selinux-policy-3.6.32-59.fc12
You should open a new bug on the sambagui, since it is not abrt/selinux related. The last problem will be fixed in the next release of abrt and selinux.