Re: SELinux is preventing /usr/bin/dbus-daemon from using the sys_resource capability.

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Thu, 02 Jan 2014 10:45:48 -0500



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/27/2013 03:48 PM, Shintaro Fujiwara wrote:
> Hi, I recently updated my box to Fedora20.
> 
> I run my segatex program and got this error.
> 
> [root@localhost ~]# less /var/log/audit/audit.log|grep capability type=AVC
> msg=audit(1388174188.785:534): avc:  denied  { sys_resource } for pid=2819
> comm="dbus-daemon" capability=24 
> scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
> tclass=capability 
> ////////////////////////////////////////////////////////////////////// And,
> here's SETtroubleshoot Details window says. 
> ////////////////////////////////////////////////////////////////////// 
> Additional Information: Source Context
> unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 Target Context
> unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 Target Objects
> [ capability ] Source                        dbus-daemon Source Path
> /usr/bin/dbus-daemon Port                          <Unknown> Host
> localhost.localdomain Source RPM Packages
> dbus-1.6.12-2.fc19.i686 Target RPM Packages Policy RPM
> selinux-policy-3.12.1-106.fc20.noarch Selinux Enabled               True 
> Policy Type                   targeted Enforcing Mode
> Enforcing Host Name                     localhost.localdomain Platform
> Linux localhost.localdomain 3.11.10-301.fc20.i686+PAE #1 SMP Thu Dec 5 
> 14:12:06 UTC 2013 i686 i686 Alert Count                   1 First Seen
> 2013-12-28 04:56:28 JST Last Seen                     2013-12-28 04:56:28
> JST Local ID                      deb7259c-4795-48a1-a74f-61c331ddd21c
> 
> Raw Audit Messages type=AVC msg=audit(1388174188.785:534): avc:  denied  {
> sys_resource } for pid=2819 comm="dbus-daemon" capability=24 
> scontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023
> tclass=capability
> 
> 
> type=SYSCALL msg=audit(1388174188.785:534): arch=i386 syscall=setrlimit 
> success=no exit=EPERM a0=7 a1=bfd61e28 a2=b7594000 a3=b8d8cee0 items=0
> ppid=1 pid=2819 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 ses=1 tty=(none) comm=dbus-daemon exe=/usr/bin/dbus-daemon 
> subj=unconfined_u:unconfined_r:segatex_t:s0-s0:c0.c1023 key=(null)
> 
> Hash: dbus-daemon,segatex_t,segatex_t,capability,sys_resource 
> ////////////////////////////////////////////////////// Is it just
> complaining for the more use for the resource?
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
This indicates your system is running out of resources like MAX Processes or
MAX FD's.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlLFiawACgkQrlYvE4MpobMEYwCfWPDQbr7EIApikpr8we8zT4oU
fREAoJTPBoNMz/JfyP35iiSKwqilK+/m
=3Lxn
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux