On 07/30/2015 04:54 PM, Orion Poplawski wrote: > On 07/30/2015 11:57 AM, Lennart Poettering wrote: >> Heya! >> >> I'd like to ask everybody to test kdbus on Rawhide. Josh thankfully >> added it to the Rawhide kernel packages, and our systemd RPMs come >> with built-in support, too now. If you are running an up-to-date >> Rawhide system adding "kdbus=1" to your kernel command line is hence >> everything you need to run kdbus instead of dbus-daemon. (No >> additional RPMs need to be installed.) If you do, things should just >> work the same way as before, if we did everything right. By adding or >> dropping "kdbus=1" to/from the command line you can enable kdbus or >> revert back to dbus1 on each individual boot. > > What I see: > Also plenty of AVC denials. Looks like there's no label yet for the kdbus filesystem? Jul 30 16:31:33 vmrawhide audit: AVC avc: denied { read write } for pid=698 comm="systemd-logind" name="bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:33 vmrawhide audit: AVC avc: denied { open } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:33 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:34 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:40 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:45 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:45 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:45 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:49 vmrawhide audit: AVC avc: denied { read write } for pid=1184 comm="sddm-helper" name="bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:49 vmrawhide audit: AVC avc: denied { open } for pid=1184 comm="sddm-helper" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:49 vmrawhide audit: AVC avc: denied { ioctl } for pid=1184 comm="sddm-helper" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:31:49 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:33:03 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:41:28 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:02 vmrawhide audit: AVC avc: denied { read write } for pid=5541 comm="sshd" name="bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:02 vmrawhide audit: AVC avc: denied { open } for pid=5541 comm="sshd" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:02 vmrawhide audit: AVC avc: denied { ioctl } for pid=5541 comm="sshd" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:02 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:03 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:03 vmrawhide audit: AVC avc: denied { read write } for pid=5541 comm="sshd" name="control" dev="kdbusfs" ino=2 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:03 vmrawhide audit: AVC avc: denied { open } for pid=5541 comm="sshd" path="/sys/fs/kdbus/control" dev="kdbusfs" ino=2 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:47:03 vmrawhide audit: AVC avc: denied { ioctl } for pid=5541 comm="sshd" path="/sys/fs/kdbus/control" dev="kdbusfs" ino=2 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:50:35 vmrawhide audit: AVC avc: denied { read write } for pid=5541 comm="sshd" name="bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:50:35 vmrawhide audit: AVC avc: denied { open } for pid=5541 comm="sshd" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:50:35 vmrawhide audit: AVC avc: denied { ioctl } for pid=5541 comm="sshd" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:50:35 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:50:44 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 Jul 30 16:52:59 vmrawhide audit: AVC avc: denied { ioctl } for pid=698 comm="systemd-logind" path="/sys/fs/kdbus/0-system/bus" dev="kdbusfs" ino=4 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1 -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 http://www.nwra.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct