SELinux alert

Beartooth beartooth at comcast.net
Thu Sep 24 14:10:13 UTC 2015


	The SELinux troubleshooter is telling me (for the first time 
afaik) that something called console-kit-dae has tried five times to 
write to /var/lib/dbus.

	Details : 


SELinux is preventing console-kit-dae from write access on the directory /
var/lib/dbus.

*****  Plugin catchall (100. confidence) suggests   
**************************

If you believe that console-kit-dae should be allowed write access on the 
dbus directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep console-kit-dae /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:consolekit_t:s0
Target Context                system_u:object_r:system_dbusd_var_lib_t:s0
Target Objects                /var/lib/dbus [ dir ]
Source                        console-kit-dae
Source Path                   console-kit-dae
Port                          <Unknown>
Host                          Hbsk4
Source RPM Packages           
Target RPM Packages           dbus-1.8.20-1.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-128.13.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     Hbsk4
Platform                      Linux Hbsk4 4.1.5-200.fc22.x86_64 #1 SMP 
Mon Aug
                              10 23:38:23 UTC 2015 x86_64 x86_64
Alert Count                   5
First Seen                    2015-08-22 16:57:41 EDT
Last Seen                     2015-09-24 10:00:03 EDT
Local ID                      f6017525-2110-427d-9f74-831209b69ef1

Raw Audit Messages
type=AVC msg=audit(1443103203.202:3670): avc:  denied  { write } for  
pid=1482 comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648 
scontext=system_u:system_r:consolekit_t:s0 
tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir 
permissive=0


Hash: console-kit-dae,consolekit_t,system_dbusd_var_lib_t,dir,write

	What I know of SELinux would go in a gnat's eye.

	I'm running F22 with xfce.

	What should I do??

-- 
Beartooth Staffwright, Neo-Redneck Not Quite Clueless Power User
Remember I have precious (very precious!) little idea where up is.




More information about the users mailing list