[Pkg-utopia-maintainers] Bug#515136: /usr/bin/dbus-daemon: SELinux violations in dbus-daemon
Ritesh Raj Sarraf
rrs at researchut.com
Fri Feb 13 21:03:08 UTC 2009
Package: dbus
Version: 1.2.1-5
Severity: normal
File: /usr/bin/dbus-daemon
Tags: selinux
Summary:
SELinux is preventing dbus-daemon (system_dbusd_t) "search" to ./7255
(initrc_t).
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but
was
permitted due to permissive mode.]
SELinux denied access requested by dbus-daemon. It is not expected that
this
access is required by dbus-daemon and this access may signal an
intrusion
attempt. It is also possible that the specific version or configuration
of the
application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to
restore
the default system file context for ./7255,
restorecon -v './7255'
If this does not work, there is currently no automatic way to allow this
access.
Instead, you can generate a local policy module to allow this access -
see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:system_dbusd_t:s0
Target Context system_u:system_r:initrc_t:s0
Target Objects ./7255 [ dir ]
Source dbus-daemon
Source Path /usr/bin/dbus-daemon
Port <Unknown>
Host champaran
Source RPM Packages
Target RPM Packages
Policy RPM <Unknown>
Selinux Enabled True
Policy Type default
MLS Enabled True
Enforcing Mode Permissive
Plugin Name catchall_file
Host Name champaran
Platform Linux champaran 2.6.28-custom #1 SMP Thu
Feb 12
19:09:05 IST 2009 i686
Alert Count 1
First Seen Sat 14 Feb 2009 02:19:16 AM IST
Last Seen Sat 14 Feb 2009 02:19:16 AM IST
Local ID dc351151-d502-43a2-b1d8-a3d61e8fce71
Line Numbers
Raw Audit Messages
node=champaran type=AVC msg=audit(1234558156.552:153): avc: denied {
search } for pid=3831 comm="dbus-daemon" name="7255" dev=proc ino=31066
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
node=champaran type=AVC msg=audit(1234558156.552:153): avc: denied {
read } for pid=3831 comm="dbus-daemon" name="cmdline" dev=proc
ino=31097 scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=file
node=champaran type=SYSCALL msg=audit(1234558156.552:153): arch=40000003
syscall=5 success=yes exit=34 a0=b9c4a7a0 a1=0 a2=1c57 a3=b9c4b2a8
items=0 ppid=1 pid=3831 auid=4294967295 uid=104 gid=107 euid=104
suid=104 fsuid=104 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
comm="dbus-daemon" exe="/usr/bin/dbus-daemon"
subj=system_u:system_r:system_dbusd_t:s0 key=(null)
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-custom (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages dbus depends on:
ii adduser 3.110 add and remove users and groups
ii debianutils 2.30 Miscellaneous utilities specific t
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libdbus-1-3 1.2.1-5 simple interprocess messaging syst
ii libexpat1 2.0.1-4 XML parsing C library - runtime li
ii libselinux1 2.0.65-5 SELinux shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
Versions of packages dbus recommends:
ii dbus-x11 1.2.1-5 simple interprocess messaging syst
dbus suggests no packages.
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list