Summary: SELinux is preventing /usr/bin/chsh "write" access on /var/run/dbus/system_bus_socket. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by chsh. It is not expected that this access is required by chsh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context staff_u:staff_r:chfn_t:s0 Target Context system_u:object_r:system_dbusd_var_run_t:s0 Target Objects /var/run/dbus/system_bus_socket [ sock_file ] Source chsh Source Path /usr/bin/chsh Port <Unknown> Host (removed) Source RPM Packages util-linux-ng-2.18-4.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.0-2.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.35.4-12.fc14.x86_64 #1 SMP Fri Aug 27 07:45:05 UTC 2010 x86_64 x86_64 Alert Count 3 First Seen Fri 03 Sep 2010 03:11:54 AM EDT Last Seen Fri 03 Sep 2010 03:12:02 AM EDT Local ID 7ef24d61-985c-46c0-a500-2a3cfff78ce6 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1283497922.605:26623): avc: denied { write } for pid=15441 comm="chsh" name="system_bus_socket" dev=dm-1 ino=164 scontext=staff_u:staff_r:chfn_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file node=(removed) type=SYSCALL msg=audit(1283497922.605:26623): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7fff74199ca0 a2=21 a3=6e75722f7261762f items=0 ppid=15405 pid=15441 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=pts0 ses=3 comm="chsh" exe="/usr/bin/chsh" subj=staff_u:staff_r:chfn_t:s0 key=(null) Hash String generated from catchall,chsh,chfn_t,system_dbusd_var_run_t,sock_file,write audit2allow suggests: #============= chfn_t ============== allow chfn_t system_dbusd_var_run_t:sock_file write;
What tool were you using when you saw this happen? accountsdialog?
Nope, i used chsh.
What does id -Z show? Do you have a leak of system_dbusd_var_run_t into your session?
staff_u:staff_r:staff_t:s0 staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r I don't have any other system_dbusd_var_run_t AVC or anything related to dbus right now.
Well I will reassign to util-linux to see if those guys have any idea.
chsh uses PAM, what do you have in your /etc/pam.d/{chsh,system-auth} ?
chsh : #%PAM-1.0 auth sufficient pam_rootok.so auth include system-auth account include system-auth password include system-auth session include system-auth system-auth : #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so
$ ldd /lib64/security/pam_fprintd.so | grep dbus libdbus-glib-1.so.2 => /usr/lib64/libdbus-glib-1.so.2 (0x00007ffc43852000) libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007ffc4360d000)
Fixed in selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.