dbus daemon SELinux problem
Erick Staal
elstaal at xs4all.nl
Tue Mar 26 16:35:51 UTC 2013
Hello Miroslav,
Yes, indeed, usually I run in permissive mode around reboots to
forestall problems due to possible SELinux policy issues. Especially if
a SELinux policy update takes place I test it first in permissive mode
to ensure stability of the environment.
Sincerely, Erick
On 03/26/2013 11:32 AM, Miroslav Grepl wrote:
> On 03/22/2013 04:31 PM, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 03/22/2013 10:17 AM, Erick Staal wrote:
>>> Hi,
>>>
>>> After the last update of selinux to 3.11.1-86 the following error
>>> appears
>>> in /var/log/messages:
>>>
>>> SELinux: Context
>>> unconfined_u:system_r:unconfined_dbusd_t:s0-s0:c0.c1023
>>> would be invalid if enforcing
>>>
>>> Looks like that there is a problem with the selinux config for dbusd.
>>> Can
>>> anyone tell how to fix this?
>>>
>>> Sincerely, Erick -- selinux mailing list selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>> I have a feeling you can just ignore it.
>>
>> Not sure it why you had this label mapped into your kernel.
>>
>> system_r is not allowed to run unconfined_dbusd_t, which is basically
>> what the
>> kernel is telling you. Maybe prior to the update this was allowed.
>> but as
>> long as you did not have a process with this label on it, you would be
>> fine.
>> And there should be no way to get this label on an enforcing machine.
>>
>> ps -eZ | grep unconfined_dbusd_t
>>
>> If you get nothing that looks like system_r:unconfined_dbusd_t, you
>> should be
>> fine.
>>
> Also have you ever run in permissive mode?
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.13 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>
>> iEYEARECAAYFAlFMeUoACgkQrlYvE4MpobMlggCghXY9vmlnxVqP/bcshvLJIq5Q
>> LsMAoKGDP0H3gAbGEHYXjuQ3Zc6ztGyW
>> =+MJJ
>> -----END PGP SIGNATURE-----
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
More information about the selinux
mailing list