kdbus and Fedora
Eric Paris
eparis at redhat.com
Wed Jul 8 18:39:03 UTC 2015
On Wed, 2015-07-08 at 13:02 -0400, Josh Boyer wrote:
> On Wed, Jul 8, 2015 at 12:50 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> > On Wed, 8 Jul 2015 10:32:53 -0400
> > Josh Boyer <jwboyer at fedoraproject.org> wrote:
> >
> > > I just pushed this to git and started a build. It will be in
> > > rawhide
> > > tomorrow with the 4.2.0-0.rc1.git2.1 kernel. (I was waiting for
> > > rc1
> > > before adding it.)
> > >
> > > I did test both with and without kdbus=1 and both worked at least
> > > from
> > > a boot standpoint. The initramfs on an install lacks the kdbus
> > > module, so it needs to be rebuilt if one wishes to use kdbus.
> >
> > Seems to work here with the following issues/bugs/whatever:
> >
> > - cpu usage is really high, seems to mostly be firewalld doing
> > something that generates audit messages and those spewing to the
> > journal. This drives the load on my laptop up to 5-6 or so and
> > cpu
> > fans spinning.
>
> I noticed this as well.
>
> > - selinux isn't happy with things:
> > Jul 08 10:32:08 voldemort.scrye.com audit[1086]: AVC avc: denied
> > { connectto } for pid=1086 comm="sedispatch"
> > path="/run/dbus/system_bus_socket"
> > scontext=system_u:system_r:audisp_t:s0
> > tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
> > permissive=0
> >
> > Where should we report bugs for this work?
>
> Hm, tough call. Perhaps against systemd unless it's a kernel oops?
> I
> would think systemd might need to set SELinux to permissive if it's
> booting in kdbus mode until kdbus works with SELinux upstream.
File a bug with selinux-policy. Current policy allows:
allow audisp_t system_dbusd_t : unix_stream_socket connectto ;
But the thing on the other side of /run/dbus/system_bus_socket is no
longer system_dbus_t it is init_t...
Is that actually pid=1 on the other side, or something else that we
should just get labeled correctly in policy?
More information about the kernel
mailing list