Dear all, as of yesterday's updates, I get a bunch of dbus-deamon denials, the cpu went to 99-100% during the update and running top showed dbus-daemon to be up there causing trouble. When I rebooted the machine, Selinux caught the act which is summarized below. Thanks, Antonio Summary: SELinux is preventing dbus-daemon(/bin/dbus-daemon) (system_dbusd_t) "read" to <Unknown> (inotifyfs_t). Detailed Description: SELinux denied access requested by dbus-daemon(/bin/dbus-daemon). It is not expected that this access is required by dbus-daemon(/bin/dbus-daemon) and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:system_dbusd_t Target Context system_u:object_r:inotifyfs_t Target Objects None [ dir ] Source dbus-daemon(/bin/dbus-daemon) Port <Unknown> Host localhost Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.2.5-12.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name localhost Platform Linux localhost 2.6.24-0.155.rc7.git6.fc9 #1 SMP Tue Jan 15 17:52:31 EST 2008 i686 athlon Alert Count 1026 First Seen Mon 21 Jan 2008 07:18:32 AM CST Last Seen Mon 21 Jan 2008 07:19:08 AM CST Local ID 4b1ce20c-c683-40fb-a014-85dbe8d69052 Line Numbers Raw Audit Messages host=localhost type=AVC msg=audit(1200921548.546:1057): avc: denied { read } for pid=1898 comm="dbus-daemon" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir host=localhost type=SYSCALL msg=audit(1200921548.546:1057): arch=40000003 syscall=3 success=no exit=-13 a0=5 a1=bfae1fe0 a2=10 a3=b8608508 items=0 ppid=1 pid=1898 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null) ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
