SELinux alert
Beartooth
beartooth at comcast.net
Thu Sep 24 14:10:13 UTC 2015
The SELinux troubleshooter is telling me (for the first time
afaik) that something called console-kit-dae has tried five times to
write to /var/lib/dbus.
Details :
SELinux is preventing console-kit-dae from write access on the directory /
var/lib/dbus.
***** Plugin catchall (100. confidence) suggests
**************************
If you believe that console-kit-dae should be allowed write access on the
dbus directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep console-kit-dae /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:consolekit_t:s0
Target Context system_u:object_r:system_dbusd_var_lib_t:s0
Target Objects /var/lib/dbus [ dir ]
Source console-kit-dae
Source Path console-kit-dae
Port <Unknown>
Host Hbsk4
Source RPM Packages
Target RPM Packages dbus-1.8.20-1.fc22.x86_64
Policy RPM selinux-policy-3.13.1-128.13.fc22.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name Hbsk4
Platform Linux Hbsk4 4.1.5-200.fc22.x86_64 #1 SMP
Mon Aug
10 23:38:23 UTC 2015 x86_64 x86_64
Alert Count 5
First Seen 2015-08-22 16:57:41 EDT
Last Seen 2015-09-24 10:00:03 EDT
Local ID f6017525-2110-427d-9f74-831209b69ef1
Raw Audit Messages
type=AVC msg=audit(1443103203.202:3670): avc: denied { write } for
pid=1482 comm="console-kit-dae" name="dbus" dev="dm-1" ino=2232648
scontext=system_u:system_r:consolekit_t:s0
tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir
permissive=0
Hash: console-kit-dae,consolekit_t,system_dbusd_var_lib_t,dir,write
What I know of SELinux would go in a gnat's eye.
I'm running F22 with xfce.
What should I do??
--
Beartooth Staffwright, Neo-Redneck Not Quite Clueless Power User
Remember I have precious (very precious!) little idea where up is.
More information about the users
mailing list