This should affect fedora 14 also..

+++ This bug was initially created as a clone of Bug #631523 +++

Created attachment 445773 [details]
audit.log

Description of problem:
This is tested using VMware Workstation 7.1.1 but applies to all the VMware products, this also applies to Fedora 13.


Version-Release number of selected component (if applicable):


How reproducible:
All the time.

Steps to Reproduce:
Using VMware Workstatino 7.1
1.Install RHEL6 in a VM.
2.Install tools after OS installation is complete.
3.Suspend the VM with the option or run the suspend script.

  
Actual results:
The VM does not suspend immediately. 
When the suspend command is issued, vmtoolsd which runs inside the VM executes the suspend script and the suspend script quiesces the networkmanager and brings down the network interfaces. But the dbus-send is unable to talk to the network-manager.

I shouldn't be able to see the process tree of when this happens... but I am able to see this.

oot 9918 0.0 0.3 60428 3108 ? Sl Jul30 2:40 /usr/sbin/vmtoolsd
root 26001 0.3 0.1 108136 1340 ? S 14:59 0:00 \_ /bin/sh /etc/vmware-tools/suspend-vm-default
root 26011 0.3 0.1 108400 1344 ? S 14:59 0:00 \_ /bin/sh /etc/vmware-tools/suspend-vm-default
root 26027 0.3 0.1 108396 1668 ? S 14:59 0:00 \_ /bin/bash ./ifdown ifcfg-lo
root 26033 0.0 0.0 108396 888 ? S 14:59 0:00 \_ /bin/bash ./ifdown ifcfg-lo
root 26034 0.3 0.1 51632 1976 ? S 14:59 0:00 \_ nmcli -t --fields running nm status
[root@localhost tmp]# strace -p 26034
Process 26034 attached - interrupt to quit
restart_syscall(<... resuming interrupted call ...>) = 0
writev(5, [{"l\1\0\1.\0\0\0\17\0\0\0\220\0\0\0\1\1o\0\37\0\0\0/org/fre"..., 160}, {"\36\0\0\0org.freedesktop.NetworkManag"..., 46}], 2) = 206
poll([{fd=5, events=POLLIN}], 1, 15000) = 0 (Timeout)
fstat(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f83a295a000
writev(5, [{"l\1\1\1\214\0\0\0\20\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"\207\0\0\0type='signal',sender='org.fr"..., 140}], 2) = 284
writev(5, [{"l\1\1\1\256\0\0\0\21\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"\251\0\0\0type='signal',sender='org.fr"..., 174}], 2) = 318
writev(5, [{"l\1\1\1n\0\0\0\22\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"i\0\0\0type='signal',sender='org.fr"..., 110}], 2) = 254
writev(5, [{"l\1\1\1\244\0\0\0\23\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"\237\0\0\0type='signal',sender='org.fr"..., 164}], 2) = 308
writev(5, [{"l\1\1\1\215\0\0\0\24\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"\210\0\0\0type='signal',sender='org.fr"..., 141}], 2) = 285
writev(5, [{"l\1\1\1\256\0\0\0\25\0\0\0\177\0\0\0\1\1o\0\25\0\0\0/org/fre"..., 144}, {"\251\0\0\0type='signal',sender='org.fr"..., 174}], 2) = 318
write(1, "running\n", 8) = 8
exit_group(0) = ?
Process 26034 detached



Expected results:
The VM should have suspended immediately.

Additional info:
To work around this.
1. I copied over just the single line in audit.log that has to do with dbus-send... see audit.log attached in the bug report.
2. cat /tmp/audit.log | audit2allow -M vmwareToolsSuspendResume 
3. semodule -i vmwareToolsSuspendResume.pp

so after this policy was installed the suspend resume script started working again.


the local.te file is

module vmwareToolsSuspendResume 1.0;

require {
	type NetworkManager_t;
	type init_t;
	class dbus send_msg;
}

#============= NetworkManager_t ==============

allow NetworkManager_t init_t:dbus send_msg;

--- Additional comment from dwalsh on 2010-09-08 11:20:34 EDT ---

Miroslav add

	init_dbus_chat(NetworkManager_t)