SELinux is preventing /usr/bin/dbus-daemon from using the sys_resource capability.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, I recently updated my box to Fedora20.

I run my segatex program and got this error.

[root@localhost ~]# less /var/log/audit/audit.log|grep capability
type=AVC msg=audit(1388174188.785:534): avc:  denied  { sys_resource } for  pid=2819 comm="dbus-daemon" capability=24  scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tclass=capability
//////////////////////////////////////////////////////////////////////
And, here's SETtroubleshoot Details window says.
//////////////////////////////////////////////////////////////////////
Additional Information:
Source Context                unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
Target Objects                 [ capability ]
Source                        dbus-daemon
Source Path                   /usr/bin/dbus-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           dbus-1.6.12-2.fc19.i686
Target RPM Packages          
Policy RPM                    selinux-policy-3.12.1-106.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              3.11.10-301.fc20.i686+PAE #1 SMP Thu Dec 5
                              14:12:06 UTC 2013 i686 i686
Alert Count                   1
First Seen                    2013-12-28 04:56:28 JST
Last Seen                     2013-12-28 04:56:28 JST
Local ID                      deb7259c-4795-48a1-a74f-61c331ddd21c

Raw Audit Messages
type=AVC msg=audit(1388174188.785:534): avc:  denied  { sys_resource } for  pid=2819 comm="dbus-daemon" capability=24  scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 tclass=capability


type=SYSCALL msg=audit(1388174188.785:534): arch=i386 syscall=setrlimit success=no exit=EPERM a0=7 a1=bfd61e28 a2=b7594000 a3=b8d8cee0 items=0 ppid=1 pid=2819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 key=(null)

Hash: dbus-daemon,segatex_t,segatex_t,capability,sys_resource
//////////////////////////////////////////////////////
Is it just complaining for the more use for the resource?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux