Additional info: libreport version: 2.0.13 kernel: 3.6.0-0.rc4.git2.1.fc18.x86_64 description: :SELinux is preventing /usr/bin/dbus-daemon from read, write access on the blk_file /dev/sdd. : :Tried to benchmark an sdcard using gnome-disk-utility : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that dbus-daemon should be allowed read write access on the sdd blk_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:fixed_disk_device_t:s0 :Target Objects /dev/sdd [ blk_file ] :Source dbus-daemon :Source Path /usr/bin/dbus-daemon :Port <Unknown> :Host (removed) :Source RPM Packages dbus-1.6.0-2.fc18.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.11.1-16.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.0-0.rc4.git2.1.fc18.x86_64 #1 : SMP Fri Sep 7 12:36:02 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen 2012-09-11 15:17:09 CEST :Last Seen 2012-09-11 15:17:09 CEST :Local ID ecd84a4a-a35b-4501-b500-98a5c85a579d : :Raw Audit Messages :type=AVC msg=audit(1347369429.113:69): avc: denied { read write } for pid=483 comm="dbus-daemon" path="/dev/sdd" dev="devtmpfs" ino=34721 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file : : :type=SYSCALL msg=audit(1347369429.113:69): arch=x86_64 syscall=recvmsg success=yes exit=ENOSTR a0=21 a1=7fff80967aa0 a2=40000000 a3=0 items=0 ppid=1 pid=483 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) : :Hash: dbus-daemon,system_dbusd_t,fixed_disk_device_t,blk_file,read,write : :audit2allow : :#============= system_dbusd_t ============== :allow system_dbusd_t fixed_disk_device_t:blk_file { read write }; : :audit2allow -R : :#============= system_dbusd_t ============== :allow system_dbusd_t fixed_disk_device_t:blk_file { read write }; :
Created attachment 611768 [details] File: type
Created attachment 611769 [details] File: hashmarkername
Do you know what you were doing when this happened?
As I've written in the report, I tried to benchmark an sdcard using gnome-disk-utility (this line is easily missed because I appended it manually when the report was shown on the screen, and ABRT does not distinguish between machine generated and user-written data in the bugzilla output) -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
I apologize, I missed this. Thank you.
Colin any ideas? Is this dbus being used to pass an open file descriptor?
(In reply to comment #6) > Colin any ideas? Is this dbus being used to pass an open file descriptor? Very likely, yes - my guess is specifically between gnome-disk-utility and udisks.
Elad did it work? Or did SELinux break it. Looks like the syscalls are returning success. "success=true"
It did not work, I got an error "Message did not receive a reply (timeout by message bus) (g-dbus-error-quark, 4)" -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Ok if you put the machine into permissive mode does it work?
Steven or Eric would the kernel get involved here and close the socket?
(In reply to comment #6) > Colin any ideas? Is this dbus being used to pass an open file descriptor? In general any D-Bus application can pass any file descriptor to any file to any other D-Bus application. In this case the desktop application GNOME Disks is calling this method http://udisks.freedesktop.org/docs/latest/gdbus-org.freedesktop.UDisks2.Block.html#gdbus-method-org-freedesktop-UDisks2-Block.OpenForBackup So in this specific case, you need to change SELinux so it doesn't complain when udisks is passing a file descriptor for a block device. I remember filing bugs about this a couple of times (but I don't have the bug numbers handy), not sure why it keeps popping up.
(In reply to comment #12) > (In reply to comment #6) > > Colin any ideas? Is this dbus being used to pass an open file descriptor? > > In general any D-Bus application can pass any file descriptor to any file to > any other D-Bus application. > > In this case the desktop application GNOME Disks is calling this method > > http://udisks.freedesktop.org/docs/latest/gdbus-org.freedesktop.UDisks2. > Block.html#gdbus-method-org-freedesktop-UDisks2-Block.OpenForBackup Actually as per comment 4, this is the method that selinux is interfering with http://udisks.freedesktop.org/docs/latest/gdbus-org.freedesktop.UDisks2.Block.html#gdbus-method-org-freedesktop-UDisks2-Block.OpenForBenchmark
Any chance the selinux policy for this will get fixed anytime soon? It's quite annoying being forced to used permissive mode. Thanks.
I would like to know if this is still happening with the latest policy.
(In reply to comment #15) > I would like to know if this is still happening with the latest policy. Which version do you mean with "the latest policy"? This bug happened to me today with a Fedora 18 installation updated as late as today. Adding the "mypol" workaround works.
I upgraded selinux-policy-*-3.11.1-44.fc18 directly from koji to really get the latest versions. Still no cigar.
Fixed in selinux-policy-3.11.1-45.fc18.noarch
selinux-policy-3.11.1-46.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-46.fc18
Package selinux-policy-3.11.1-46.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-46.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16862/selinux-policy-3.11.1-46.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-46.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
I think this is on ongoing issue. with # setenforce 1 I'm still getting "An error occurred. Message did not receive a reply (timeout by message bus) (g-dbus-error-quark, 4)" # setenforce 0 allows the benchmark to run successfully. I have updated to selinux-policy-3.11.1-87.fc18.noarch but have not rebooted since 2013-apr-8. # uname -a Linux localhost.localdomain 3.8.5-201.fc18.x86_64 #1 SMP Thu Mar 28 21:01:19 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
What AVC msgs are you getting?