SELinux is preventing dbus-daemon(/bin/dbus-daemon) (system_dbusd_t) "read" to <Unknown> (inotifyfs_t).
Daniel J Walsh
dwalsh at redhat.com
Thu Jan 24 14:53:06 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear all,
>
> as of yesterday's updates, I get a bunch of
> dbus-deamon denials, the cpu went to 99-100% during
> the update and running top showed dbus-daemon to be up
> there causing trouble. When I rebooted the machine,
> Selinux caught the act which is summarized below.
>
> Thanks,
>
> Antonio
>
> Summary:
>
> SELinux is preventing dbus-daemon(/bin/dbus-daemon)
> (system_dbusd_t) "read" to <Unknown>
> (inotifyfs_t).
>
> Detailed Description:
>
> SELinux denied access requested by
> dbus-daemon(/bin/dbus-daemon). It is not
> expected that this access is required by
> dbus-daemon(/bin/dbus-daemon) and this
> access may signal an intrusion attempt. It is also
> possible that the specific
> version or configuration of the application is causing
> it to require additional
> access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials.
> You could try to restore
> the default system file context for <Unknown>,
>
> restorecon -v <Unknown>
>
> If this does not work, there is currently no automatic
> way to allow this access.
> Instead, you can generate a local policy module to
> allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> system_u:system_r:system_dbusd_t
> Target Context
> system_u:object_r:inotifyfs_t
> Target Objects None [ dir ]
> Source
> dbus-daemon(/bin/dbus-daemon)
> Port <Unknown>
> Host localhost
> Source RPM Packages
> Target RPM Packages
> Policy RPM
> selinux-policy-3.2.5-12.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost
> 2.6.24-0.155.rc7.git6.fc9 #1 SMP
> Tue Jan 15 17:52:31 EST
> 2008 i686 athlon
> Alert Count 1026
> First Seen Mon 21 Jan 2008 07:18:32
> AM CST
> Last Seen Mon 21 Jan 2008 07:19:08
> AM CST
> Local ID
> 4b1ce20c-c683-40fb-a014-85dbe8d69052
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost type=AVC
> msg=audit(1200921548.546:1057): avc: denied { read }
> for pid=1898 comm="dbus-daemon" path="inotify"
> dev=inotifyfs ino=1
> scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
>
> host=localhost type=SYSCALL
> msg=audit(1200921548.546:1057): arch=40000003
> syscall=3 success=no exit=-13 a0=5 a1=bfae1fe0 a2=10
> a3=b8608508 items=0 ppid=1 pid=1898 auid=4294967295
> uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81
> fsgid=81 tty=(none) comm="dbus-daemon"
> exe="/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0 key=(null)
>
>
>
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Should be fixed now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeYplIACgkQrlYvE4MpobPiqQCg3wY5BStNnz29ewUf5+lDxd3M
gkoAoNRnaYq5fO9ANF+QZSiq4xWyn1mo
=XY5g
-----END PGP SIGNATURE-----
More information about the test
mailing list