Re: SELinux alert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 09/24/2015 04:10 PM, Beartooth wrote:
> 
> 	The SELinux troubleshooter is telling me (for the first time 
> afaik) that something called console-kit-dae has tried five times to 
> write to /var/lib/dbus.
> 
> 	Details : 
> 
> 
> SELinux is preventing console-kit-dae from write access on the directory /
> var/lib/dbus.
> 
> *****  Plugin catchall (100. confidence) suggests   
> **************************
> 
> If you believe that console-kit-dae should be allowed write access on the 
> dbus directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep console-kit-dae /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> 
> Additional Information:
> Source Context                system_u:system_r:consolekit_t:s0
> Target Context                system_u:object_r:system_dbusd_var_lib_t:s0
> Target Objects                /var/lib/dbus [ dir ]
> Source                        console-kit-dae
> Source Path                   console-kit-dae
> Port                          <Unknown>
> Host                          Hbsk4
> Source RPM Packages           
> Target RPM Packages           dbus-1.8.20-1.fc22.x86_64
> Policy RPM                    selinux-policy-3.13.1-128.13.fc22.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     Hbsk4
> Platform                      Linux Hbsk4 4.1.5-200.fc22.x86_64 #1 SMP 
> Mon Aug
>                               10 23:38:23 UTC 2015 x86_64 x86_64
> Alert Count                   5
> First Seen                    2015-08-22 16:57:41 EDT
> Last Seen                     2015-09-24 10:00:03 EDT
> Local ID                      f6017525-2110-427d-9f74-831209b69ef1
> 
> Raw Audit Messages
> type=AVC msg=audit(1443103203.202:3670): avc:  denied  { write } for  
> pid=1482 comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648 
> scontext=system_u:system_r:consolekit_t:s0 
> tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir 
> permissive=0
> 

It wants to create machine-id.* file. Could you please open a new bug
against selinux-policy component?

Thank you.

> 
> Hash: console-kit-dae,consolekit_t,system_dbusd_var_lib_t,dir,write
> 
> 	What I know of SELinux would go in a gnat's eye.
> 
> 	I'm running F22 with xfce.
> 
> 	What should I do??
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux