SELinux alert

Miroslav Grepl mgrepl at redhat.com
Fri Sep 25 07:37:11 UTC 2015 

On 09/24/2015 04:10 PM, Beartooth wrote:
> 
> 	The SELinux troubleshooter is telling me (for the first time 
> afaik) that something called console-kit-dae has tried five times to 
> write to /var/lib/dbus.
> 
> 	Details : 
> 
> 
> SELinux is preventing console-kit-dae from write access on the directory /
> var/lib/dbus.
> 
> *****  Plugin catchall (100. confidence) suggests   
> **************************
> 
> If you believe that console-kit-dae should be allowed write access on the 
> dbus directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep console-kit-dae /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> 
> Additional Information:
> Source Context                system_u:system_r:consolekit_t:s0
> Target Context                system_u:object_r:system_dbusd_var_lib_t:s0
> Target Objects                /var/lib/dbus [ dir ]
> Source                        console-kit-dae
> Source Path                   console-kit-dae
> Port                          <Unknown>
> Host                          Hbsk4
> Source RPM Packages           
> Target RPM Packages           dbus-1.8.20-1.fc22.x86_64
> Policy RPM                    selinux-policy-3.13.1-128.13.fc22.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     Hbsk4
> Platform                      Linux Hbsk4 4.1.5-200.fc22.x86_64 #1 SMP 
> Mon Aug
>                               10 23:38:23 UTC 2015 x86_64 x86_64
> Alert Count                   5
> First Seen                    2015-08-22 16:57:41 EDT
> Last Seen                     2015-09-24 10:00:03 EDT
> Local ID                      f6017525-2110-427d-9f74-831209b69ef1
> 
> Raw Audit Messages
> type=AVC msg=audit(1443103203.202:3670): avc:  denied  { write } for  
> pid=1482 comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648 
> scontext=system_u:system_r:consolekit_t:s0 
> tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir 
> permissive=0
> 

It wants to create machine-id.* file. Could you please open a new bug
against selinux-policy component?

Thank you.

> 
> Hash: console-kit-dae,consolekit_t,system_dbusd_var_lib_t,dir,write
> 
> 	What I know of SELinux would go in a gnat's eye.
> 
> 	I'm running F22 with xfce.
> 
> 	What should I do??
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.

More information about the users mailing list