libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.3.4-5.fc17.x86_64 time: Fri 18 May 2012 09:51:19 PM IDT description: :SELinux is preventing /usr/bin/dbus-daemon from read, write access on the file /home/elad/f17arm-latest-arm-rpi+x-mmcblk0.img. : :Tried to mount this image file as a read-only loop device using gnome disk utility : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that dbus-daemon should be allowed read write access on the f17arm-latest-arm-rpi+x-mmcblk0.img file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 :Target Context unconfined_u:object_r:user_home_t:s0 :Target Objects /home/elad/f17arm-latest-arm-rpi+x-mmcblk0.img [ : file ] :Source dbus-daemon :Source Path /usr/bin/dbus-daemon :Port <Unknown> :Host (removed) :Source RPM Packages dbus-1.4.10-4.fc17.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-121.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.3.4-5.fc17.x86_64 #1 SMP Mon May : 7 17:29:34 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen Fri 18 May 2012 09:48:06 PM IDT :Last Seen Fri 18 May 2012 09:48:06 PM IDT :Local ID dd72eb9c-44c1-44a7-8610-1da835bda323 : :Raw Audit Messages :type=AVC msg=audit(1337366886.477:145): avc: denied { read write } for pid=544 comm="dbus-daemon" path="/home/elad/f17arm-latest-arm-rpi+x-mmcblk0.img" dev="sda5" ino=521769 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file : : :type=SYSCALL msg=audit(1337366886.477:145): arch=x86_64 syscall=recvmsg success=yes exit=200 a0=39 a1=7fff91b38a80 a2=40000000 a3=0 items=0 ppid=1 pid=544 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) : :Hash: dbus-daemon,system_dbusd_t,user_home_t,file,read,write : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
This is strange. I have no idea how dbus-daemon and this image file would even be related.
I think David Zeuthen might have an idea cause he is the one who implemented that feature in GNOME Disk Utility.
Ok we had a similar access for files without labels. It seems the dbus is passing open file descriptors to content around the system. So far I have added user home files and files without labels. I guess these files could be anywhere on the system.
Fixed in selinux-policy-3.10.0-126.fc17
selinux-policy-3.10.0-128.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-128.fc17
Package selinux-policy-3.10.0-128.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-128.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-8720/selinux-policy-3.10.0-128.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-128.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.