Summary: SELinux is preventing /bin/dbus-daemon from executing /usr/share/sampler/tray/tray. Detailed Description: SELinux has denied the dbus-daemon from executing /usr/share/sampler/tray/tray. If dbus-daemon is supposed to be able to execute /usr/share/sampler/tray/tray, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this dbus-daemon is not supposed to execute /usr/share/sampler/tray/tray, this could signal an intrusion attempt. Allowing Access: If you want to allow dbus-daemon to execute /usr/share/sampler/tray/tray: chcon -t bin_t '/usr/share/sampler/tray/tray' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t '/usr/share/sampler/tray/tray' Please specify the full path to the executable, Please file a bug report to make sure this becomes the default labeling. Additional Information: Source Context xguest_u:xguest_r:xguest_dbusd_t:s0 Target Context system_u:object_r:usr_t:s0 Target Objects /usr/share/sampler/tray/tray [ file ] Source dbus-daemon Source Path /bin/dbus-daemon Port <Unknown> Host (removed) Source RPM Packages dbus-1.2.16-9.fc12 Target RPM Packages sampler-1.7.3-1 Policy RPM selinux-policy-3.6.32-121.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name execute Host Name (removed) Platform Linux (removed) 2.6.32.21-166.fc12.i686.PAE #1 SMP Fri Aug 27 06:33:34 UTC 2010 i686 athlon Alert Count 1 First Seen Sun 19 Sep 2010 11:24:31 AM EDT Last Seen Sun 19 Sep 2010 11:24:31 AM EDT Local ID 785e02d8-b42f-4fad-9986-4258dc34a1ba Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1284909871.386:30618): avc: denied { execute } for pid=5531 comm="dbus-daemon" name="tray" dev=sda5 ino=1444391 scontext=xguest_u:xguest_r:xguest_dbusd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1284909871.386:30618): arch=40000003 syscall=11 success=no exit=-13 a0=1369768 a1=136d0d0 a2=136d458 a3=136d828 items=0 ppid=5530 pid=5531 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=4 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=xguest_u:xguest_r:xguest_dbusd_t:s0 key=(null) Hash String generated from execute,dbus-daemon,xguest_dbusd_t,usr_t,file,execute audit2allow suggests: #============= xguest_dbusd_t ============== allow xguest_dbusd_t usr_t:file execute;
Where does sampler come from? Does it work if you execute chcon -t bin_t '/usr/share/sampler/tray/tray'
(In reply to comment #1) > Where does sampler come from? $ rpm --query --whatprovides /usr/share/sampler/tray/tray sampler-1.7.3-1.i686 $ rpm -qi sampler Name : sampler Relocations: (not relocatable) Version : 1.7.3 Vendor: University of Wisconsin-Madison Release : 1 Build Date: Tue Jul 20 17:17:51 2010 Install Date: Wed Sep 1 23:20:54 2010 Build Host: localhost.localdomain Group : Applications/System Source RPM: sampler-1.7.3-1.src.rpm Size : 119023 License: BSD Signature : DSA/SHA1, Tue Jul 20 17:38:17 2010, Key ID 3003c817613d2fc6 Packager : Ben Liblit <liblit.edu> URL : http://www.cs.wisc.edu/cbi/ Summary : Support for applications with sampled instrumentation Description : This package supports instrumented applications at run time. It includes tools for launching instrumented applications, collecting sample and crash reports, and uploading those reports to the central bug isolation server. > Does it work if you execute > chcon -t bin_t '/usr/share/sampler/tray/tray' Yes, I believe the problem occurred when a friend logged into the xguest account. After executing the above command, logging into the xguest account did not produce the error.
Fixed in selinux-policy-3.6.32-123.fc12.
selinux-policy-3.6.32-123.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/selinux-policy-3.6.32-123.fc12
selinux-policy-3.6.32-123.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.6.32-123.fc12
selinux-policy-3.6.32-123.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.