SELinux alert
Miroslav Grepl
mgrepl at redhat.com
Fri Sep 25 07:37:11 UTC 2015
On 09/24/2015 04:10 PM, Beartooth wrote:
>
> The SELinux troubleshooter is telling me (for the first time
> afaik) that something called console-kit-dae has tried five times to
> write to /var/lib/dbus.
>
> Details :
>
>
> SELinux is preventing console-kit-dae from write access on the directory /var/lib/dbus.
>
> ***** Plugin catchall (100. confidence) suggests **************************
>
> If you believe that console-kit-dae should be allowed write access on the
> dbus directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep console-kit-dae /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context system_u:system_r:consolekit_t:s0
> Target Context system_u:object_r:system_dbusd_var_lib_t:s0
> Target Objects /var/lib/dbus [ dir ]
> Source console-kit-dae
> Source Path console-kit-dae
> Port <Unknown>
> Host Hbsk4
> Source RPM Packages
> Target RPM Packages dbus-1.8.20-1.fc22.x86_64
> Policy RPM selinux-policy-3.13.1-128.13.fc22.noarch
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name Hbsk4
> Platform Linux Hbsk4 4.1.5-200.fc22.x86_64 #1 SMP Mon Aug 10 23:38:23 UTC 2015 x86_64 x86_64
> Alert Count 5
> First Seen 2015-08-22 16:57:41 EDT
> Last Seen 2015-09-24 10:00:03 EDT
> Local ID f6017525-2110-427d-9f74-831209b69ef1
>
> Raw Audit Messages
> type=AVC msg=audit(1443103203.202:3670): avc: denied { write } for pid=1482 comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648 scontext=system_u:system_r:consolekit_t:s0 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir permissive=0
>
It wants to create a machine-id.* file. Could you please open a new bug
against the selinux-policy component?
Thank you.
>
> Hash: console-kit-dae,consolekit_t,system_dbusd_var_lib_t,dir,write
>
> What I know of SELinux would go in a gnat's eye.
>
> I'm running F22 with xfce.
>
> What should I do??
>
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
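
Added example, not part of the original message and not setroubleshoot or audit2allow code: a small Python parser for the raw AVC record quoted above. It rebuilds the report's "Hash:" line and writes out the allow rule that corresponds to the denial, so the rule can be read before any local module is loaded with semodule; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The raw AVC record quoted in the message above, rejoined onto one line.
AVC = ('type=AVC msg=audit(1443103203.202:3670): avc: denied { write } for pid=1482 '
       'comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648 '
       'scontext=system_u:system_r:consolekit_t:s0 '
       'tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir permissive=0')

HEAD = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one denied AVC record into a dict; return None for anything else."""
    m = HEAD.search(line)
    if 'type=AVC' not in line or not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
    try:
        # A context is user:role:type:level, so the type is the third field.
        stype = f['scontext'].split(':')[2]
        ttype = f['tcontext'].split(':')[2]
        tclass = f['tclass']
    except (KeyError, IndexError):
        return None
    return {'comm': f.get('comm', ''), 'stype': stype, 'ttype': ttype,
            'tclass': tclass, 'perms': m.group(1).split(),
            'enforced': f.get('permissive') == '0'}  # 0 = access was blocked


def alert_hash(rec):
    """Rebuild the 'Hash:' line of the troubleshooter report from a record."""
    return ','.join([rec['comm'], rec['stype'], rec['ttype'], rec['tclass']]
                    + rec['perms'])


def te_rules(lines):
    """Merge denials per (source, target, class) into allow rules for review."""
    merged = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            merged[rec['stype'], rec['ttype'], rec['tclass']].update(rec['perms'])
    out = []
    for (s, t, c), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        out.append(f'allow {s} {t}:{c} {body};')
    return out
```

Calling `alert_hash(parse_avc(AVC))` gives the same string as the "Hash:" line in the report, and `te_rules([AVC])` gives the single rule for this denial.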