SELinux is preventing /usr/bin/dbus-daemon from using the sys_resource capability.

Shintaro Fujiwara <shintaro.fujiwara@xxxxxxxxx> · Sat, 28 Dec 2013 05:48:34 +0900

Hi, I recently updated my box to Fedora20.

I run my segatex program and got this error.

[root@localhost ~]# less /var/log/audit/audit.log|grep capability
type=AVC msg=audit(1388174188.785:534): avc:  denied  { sys_resource } for  pid=2819 comm="dbus-daemon" capability=24  scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tclass=capability

//////////////////////////////////////////////////////////////////////
And, here's SETtroubleshoot Details window says.
//////////////////////////////////////////////////////////////////////
Additional Information:

Source Context                unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
Target Objects                 [ capability ]
Source                        dbus-daemon

Source Path                   /usr/bin/dbus-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           dbus-1.6.12-2.fc19.i686
Target RPM Packages           

Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain

Platform                      Linux localhost.localdomain
                              3.11.10-301.fc20.i686+PAE #1 SMP Thu Dec 5
                              14:12:06 UTC 2013 i686 i686
Alert Count                   1

First Seen                    2013-12-28 04:56:28 JST
Last Seen                     2013-12-28 04:56:28 JST
Local ID                      deb7259c-4795-48a1-a74f-61c331ddd21c

Raw Audit Messages
type=AVC msg=audit(1388174188.785:534): avc:  denied  { sys_resource } for  pid=2819 comm="dbus-daemon" capability=24  scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tclass=capability

type=SYSCALL msg=audit(1388174188.785:534): arch=i386 syscall=setrlimit success=no exit=EPERM a0=7 a1=bfd61e28 a2=b7594000 a3=b8d8cee0 items=0 ppid=1 pid=2819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 key=(null)

Hash: dbus-daemon,segatex_t,segatex_t,capability,sys_resource
//////////////////////////////////////////////////////
Is it just complaining for the more use for the resource? 

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux