On Fri, 14 Oct 2005, Daniel J Walsh wrote:

> Matthew Saltzman wrote:
>
>> The latest Network Manager does some useful things across a suspend/resume
>> cycle, but it relies on a dbus-send signal from the /etc/acpi/actions/sleep
>> script.
>>
>> My script fails to deliver that signal when invoked from acpid in enforcing
>> mode, but it works fine from the command line or in permissive mode.
>
> What avc messages are you seeing?

Now that you mention it, it looks like ifdown (called from
NetworkManager?) is the problem:

type=AVC msg=audit(1129317799.800:18): avc: denied { execute } for pid=3421 comm="ifdown" name="functions" dev=dm-0 ino=16571 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.800:18): arch=40000003 syscall=33 success=yes exit=0 a0=864dff8 a1=1 a2=864dff8 a3=864b098 items=1 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown" exe="/bin/bash"
type=CWD msg=audit(1129317799.800:18): cwd="/"
type=PATH msg=audit(1129317799.800:18): item=0 name="/etc/init.d/functions" flags=401 inode=16571 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.804:19): avc: denied { execute } for pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc: denied { execute_no_trans } for pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc: denied { read } for pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.804:19): arch=40000003 syscall=11 success=yes exit=0 a0=8651a18 a1=8651a60 a2=8651580 a3=0 items=2 pid=3424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="consoletype" exe="/sbin/consoletype"
type=AVC_PATH msg=audit(1129317799.804:19): path="/sbin/consoletype"
type=AVC_PATH msg=audit(1129317799.804:19): path="/sbin/consoletype"
type=CWD msg=audit(1129317799.804:19): cwd="/"
type=PATH msg=audit(1129317799.804:19): item=0 name="/sbin/consoletype" flags=101 inode=622670 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.804:19): item=1 flags=101 inode=819233 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.844:20): avc: denied { execute_no_trans } for pid=3421 comm="ifdown" name="ifdown-ppp" dev=dm-0 ino=20434 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.844:20): arch=40000003 syscall=11 success=yes exit=0 a0=864ece0 a1=864e660 a2=864e2c0 a3=0 items=3 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown-ppp" exe="/bin/bash"
type=AVC_PATH msg=audit(1129317799.844:20): path="/etc/sysconfig/network-scripts/ifdown-ppp"
type=CWD msg=audit(1129317799.844:20): cwd="/etc/sysconfig/network-scripts"
type=PATH msg=audit(1129317799.844:20): item=0 name="/etc/sysconfig/network-scripts/ifdown-ppp" flags=101 inode=20434 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.844:20): item=1 flags=101 inode=753755 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.844:20): item=2 flags=101 inode=819233 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.888:21): avc: denied { ioctl } for pid=3421 comm="ifdown-ppp" name="ifdown-ppp" dev=dm-0 ino=20434 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.888:21): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf97d068 a3=bf97d0a8 items=0 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown-ppp" exe="/bin/bash"
type=AVC_PATH msg=audit(1129317799.888:21): path="/etc/sysconfig/network-scripts/ifdown-ppp"
The relevant section of the script is:
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager --type=method_call /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.sleep
sync
echo -n "mem" > /sys/power/state
/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager --type=method_call /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.wake
Dan
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-selinux-list mailing list
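Added example, not part of the original message: a short Python summarizer that groups AVC denials like the ones quoted above by source type, target type and class, and lists the objects involved, as a first step before deciding whether the fix is a policy rule or a relabel. The sample records are shortened copies of lines from this message, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copies of audit records quoted in the message above.
SAMPLE_LOG = """\
type=AVC msg=audit(1129317799.800:18): avc: denied { execute } for pid=3421 comm="ifdown" name="functions" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=PATH msg=audit(1129317799.800:18): item=0 name="/etc/init.d/functions" flags=401
type=AVC msg=audit(1129317799.804:19): avc: denied { execute } for pid=3424 comm="ifdown" name="consoletype" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc: denied { execute_no_trans } for pid=3424 comm="ifdown" name="consoletype" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc: denied { read } for pid=3424 comm="ifdown" name="consoletype" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC_PATH msg=audit(1129317799.804:19): path="/sbin/consoletype"
type=AVC msg=audit(1129317799.844:20): avc: denied { execute_no_trans } for pid=3421 comm="ifdown" name="ifdown-ppp" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1129317799.888:21): avc: denied { ioctl } for pid=3421 comm="ifdown-ppp" name="ifdown-ppp" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}(?:.*?name="(?P<name>[^"]*)")?.*?'
    r'scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    grouped = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC "):  # skip SYSCALL, PATH, CWD, AVC_PATH
            continue
        m = AVC_RE.search(line)
        if m is None:
            continue
        key = (selinux_type(m["src"]), selinux_type(m["tgt"]), m["cls"])
        grouped[key]["perms"].update(m["perms"].split())
        if m["name"]:
            grouped[key]["names"].add(m["name"])
    return dict(grouped)

def candidate_rules(grouped):
    """Render each group as a rule to review; not something to load unread."""
    rules = []
    for (src, tgt, cls), info in sorted(grouped.items()):
        perms = " ".join(sorted(info["perms"]))
        names = ", ".join(sorted(info["names"]))
        rules.append(f"allow {src} {tgt}:{cls} {{ {perms} }};  # objects: {names}")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(summarize(SAMPLE_LOG))))
```

Grouping by target type shows that the `etc_t` denials come from two shell scripts (`functions` and `ifdown-ppp`), which is the detail to weigh before granting NetworkManager_t execute access to everything labeled `etc_t`.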