Bug 964068 - SELinux is preventing /usr/bin/dbus-daemon from 'read' accesses on the directory /home/nitesh/Pictures.
SELinux is preventing /usr/bin/dbus-daemon from 'read' accesses on the direct...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
x86_64 Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2013-05-17 04:06 EDT by Niteshwar Shukla
Modified: 2013-10-25 09:11 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-10-25 09:11:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Niteshwar Shukla 2013-05-17 04:06:04 EDT
Description of problem:
SELinux is preventing /usr/bin/dbus-daemon from 'read' accesses on the directory /home/nitesh/Pictures.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that dbus-daemon should be allowed read access on the Pictures directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /home/nitesh/Pictures [ dir ]
Source                        dbus-daemon
Source Path                   /usr/bin/dbus-daemon
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           dbus-1.6.8-2.fc18.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.11.1-92.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.8.11-200.fc18.x86_64 #1 SMP Wed
                              May 1 19:44:27 UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2013-05-17 13:33:19 IST
Last Seen                     2013-05-17 13:33:19 IST
Local ID                      2af6e65d-bb2f-4b2d-9afa-440e8b2d84ca

Raw Audit Messages
type=AVC msg=audit(1368777799.554:457): avc:  denied  { read } for  pid=632 comm="dbus-daemon" path="/home/nitesh/Pictures" dev="dm-2" ino=1048595 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir

type=SYSCALL msg=audit(1368777799.554:457): arch=x86_64 syscall=recvmsg success=yes exit=200 a0=2c a1=7fff73a2bdd0 a2=40000000 a3=0 items=0 ppid=1 pid=632 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 ses=4294967295 tty=(none) comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

Hash: dbus-daemon,system_dbusd_t,user_home_t,dir,read


#============= system_dbusd_t ==============
allow system_dbusd_t user_home_t:dir read;

audit2allow -R
require {
	type system_dbusd_t;

#============= system_dbusd_t ==============

Additional info:
hashmarkername: setroubleshoot
kernel:         3.8.11-200.fc18.x86_64
type:           libreport
Comment 1 Daniel Walsh 2013-05-17 08:17:06 EDT
Any idea why the system bus would be listing the content of the Pictures directory in your homedir?
Comment 2 Miroslav Grepl 2013-05-22 03:29:15 EDT
Also do you know what you were doing when this happened?
Comment 3 Niteshwar Shukla 2013-05-22 08:50:41 EDT
When i am accessing the Picture Folder through Top Pan in Meta Desktop,this problem is occured in my laptop.
Comment 4 Daniel Walsh 2013-05-22 14:38:18 EDT
Is your uid 81?  or is this the UID of the Top Pan app?

Note You need to log in before you can comment on or make changes to this bug.