<div>Hi,</div><div>I am using rehel 6.0.</div><div>As a beginner I picked dummy policies in linux-2.6.32-71.el6/scripts/selinux/.</div><div>This is a monolithic policy.</div><div>After setting up every thing, I rebooted the machine. It did all the relabling.</div>
<div>In permissive mode I looked at audit logs and found messages :<br clear="all"></div><div>type=USER_AVC msg=audit(1360672844.901:8): user pid=1658 uid=81 auid=4294967295 ses=4294967295 subj=admin_u:admin_r:base_t msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=1 scontext=admin_u:admin_r:base_t tcontext=admin_u:admin_r:base_t tclass=dbus exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'<br>
type=USER_AVC msg=audit(1360672844.903:9): user pid=1658 uid=81 auid=4294967295 ses=4294967295 subj=admin_u:admin_r:base_t msg='avc: denied { acquire_svc } for service=com.ubuntu.Upstart spid=1 scontext=admin_u:admin_r:base_t tcontext=admin_u:admin_r:base_t tclass=dbus exe="/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'<br>
</div><div>Then I used audit2allow and it suggested:</div><div>allow base_t self:dbus acquire_svc<br>allow base_t self:dbus send_msg</div><div> </div><div>I added these in policy.conf and recreated policy.24 using checkpolicy.</div>
<div>There was no dbus class define in policy.conf So i decleared it </div><div> </div><div>class dbus<br>{<br> acquire_svc<br> send_msg<br>}<br></div><div>I rebooted machine in enforcement mode.</div><div>And I could not loginin in init5.( I was able to login to init 3).</div>
<div> </div><div>I saw following message:</div><div>"Could not connect to session bus: An SELinux policy prevents this sender from sending this message to this recepient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" error name"(unset)" destination org.freedesktop.DBus")</div>
<div> </div><div>Then again I went into permissive mode and looked at audit.log and found the above messages again.</div><div> </div><div>Can someone please help on this ?</div><div>-- <br>------------------<br>with regards<br>
Rahul Khali<br></div>