[Pkg-utopia-maintainers] Bug#515136: /usr/bin/dbus-daemon: SELinux violations in dbus-daemon

Ritesh Raj Sarraf rrs at researchut.com
Fri Feb 13 21:32:44 UTC 2009 

reassign 515136 selinux-policy-default
thanks

That's the right package where selinux issues should be filed at.

Ritesh


On Saturday 14 Feb 2009 02:33:08 Ritesh Raj Sarraf wrote:
> Package: dbus
> Version: 1.2.1-5
> Severity: normal
> File: /usr/bin/dbus-daemon
> Tags: selinux
>
>
>
> Summary:
>
> SELinux is preventing dbus-daemon (system_dbusd_t) "search" to ./7255
> (initrc_t).
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied but
> was
> permitted due to permissive mode.]
>
> SELinux denied access requested by dbus-daemon. It is not expected that
> this
> access is required by dbus-daemon and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore
> the default system file context for ./7255,
>
> restorecon -v './7255'
>
> If this does not work, there is currently no automatic way to allow this
> access.
> Instead, you can generate a local policy module to allow this access -
> see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:system_dbusd_t:s0
> Target Context                system_u:system_r:initrc_t:s0
> Target Objects                ./7255 [ dir ]
> Source                        dbus-daemon
> Source Path                   /usr/bin/dbus-daemon
> Port                          <Unknown>
> Host                          champaran
> Source RPM Packages
> Target RPM Packages
> Policy RPM                    <Unknown>
> Selinux Enabled               True
> Policy Type                   default
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall_file
> Host Name                     champaran
> Platform                      Linux champaran 2.6.28-custom #1 SMP Thu
> Feb 12
>                               19:09:05 IST 2009 i686
> Alert Count                   1
> First Seen                    Sat 14 Feb 2009 02:19:16 AM IST
> Last Seen                     Sat 14 Feb 2009 02:19:16 AM IST
> Local ID                      dc351151-d502-43a2-b1d8-a3d61e8fce71
> Line Numbers
>
> Raw Audit Messages
>
> node=champaran type=AVC msg=audit(1234558156.552:153): avc:  denied  {
> search } for  pid=3831 comm="dbus-daemon" name="7255" dev=proc ino=31066
> scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:system_r:initrc_t:s0 tclass=dir
>
> node=champaran type=AVC msg=audit(1234558156.552:153): avc:  denied  {
> read } for  pid=3831 comm="dbus-daemon" name="cmdline" dev=proc
> ino=31097 scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:system_r:initrc_t:s0 tclass=file
>
> node=champaran type=SYSCALL msg=audit(1234558156.552:153): arch=40000003
> syscall=5 success=yes exit=34 a0=b9c4a7a0 a1=0 a2=1c57 a3=b9c4b2a8
> items=0 ppid=1 pid=3831 auid=4294967295 uid=104 gid=107 euid=104
> suid=104 fsuid=104 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
> comm="dbus-daemon" exe="/usr/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0 key=(null)
>
>
>
>
>
>
> -- System Information:
> Debian Release: 5.0
>   APT prefers testing
>   APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.28-custom (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages dbus depends on:
> ii  adduser                       3.110      add and remove users and
> groups ii  debianutils                   2.30       Miscellaneous utilities
> specific t ii  libc6                         2.7-18     GNU C Library:
> Shared libraries ii  libdbus-1-3                   1.2.1-5    simple
> interprocess messaging syst ii  libexpat1                     2.0.1-4   
> XML parsing C library - runtime li ii  libselinux1                  
> 2.0.65-5   SELinux shared libraries ii  lsb-base                     
> 3.2-20     Linux Standard Base 3.2 init scrip
>
> Versions of packages dbus recommends:
> ii  dbus-x11                      1.2.1-5    simple interprocess messaging
> syst
>
> dbus suggests no packages.
>
> -- no debconf information

-- 
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20090214/b1cd2b40/attachment.pgp

More information about the Pkg-utopia-maintainers mailing list