dbus daemon SELinux problem
Miroslav Grepl
mgrepl at redhat.com
Tue Mar 26 10:32:19 UTC 2013
On 03/22/2013 04:31 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/22/2013 10:17 AM, Erick Staal wrote:
>> Hi,
>>
>> After the last update of selinux to 3.11.1-86 the following error appears
>> in /var/log/messages:
>>
>> SELinux: Context unconfined_u:system_r:unconfined_dbusd_t:s0-s0:c0.c1023
>> would be invalid if enforcing
>>
>> Looks like that there is a problem with the selinux config for dbusd. Can
>> anyone tell how to fix this?
>>
>> Sincerely, Erick -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
> I have a feeling you can just ignore it.
>
> Not sure it why you had this label mapped into your kernel.
>
> system_r is not allowed to run unconfined_dbusd_t, which is basically what the
> kernel is telling you. Maybe prior to the update this was allowed. but as
> long as you did not have a process with this label on it, you would be fine.
> And there should be no way to get this label on an enforcing machine.
>
> ps -eZ | grep unconfined_dbusd_t
>
> If you get nothing that looks like system_r:unconfined_dbusd_t, you should be
> fine.
>
Also have you ever run in permissive mode?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlFMeUoACgkQrlYvE4MpobMlggCghXY9vmlnxVqP/bcshvLJIq5Q
> LsMAoKGDP0H3gAbGEHYXjuQ3Zc6ztGyW
> =+MJJ
> -----END PGP SIGNATURE-----
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
More information about the selinux
mailing list