acpid needs to talk to d-bus

Matthew Saltzman mjs at ces.clemson.edu
Fri Oct 14 19:32:42 UTC 2005


On Fri, 14 Oct 2005, Daniel J Walsh wrote:

> Matthew Saltzman wrote:
>> The latest Network Manager does some useful things across a suspend/resume 
>> cycle, but it relies on a dbus-send signal from the /etc/acpi/actions/sleep 
>> script.
>> 
>> My script fails to deliver that signal when invoked from acpid in enforcing 
>> mode, but it works fine from the command line or in permissive mode.
>> 
> What avc messages are you seeing?

Now that you mention it, it looks like ifdown (called from 
NetworkManager?) is the problem:

type=AVC msg=audit(1129317799.800:18): avc:  denied  { execute } for  pid=3421 comm="ifdown" name="functions" dev=dm-0 ino=16571 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.800:18): arch=40000003 syscall=33 success=yes exit=0 a0=864dff8 a1=1 a2=864dff8 a3=864b098 items=1 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown" exe="/bin/bash"
type=CWD msg=audit(1129317799.800:18):  cwd="/"
type=PATH msg=audit(1129317799.800:18): item=0 name="/etc/init.d/functions" flags=401  inode=16571 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.804:19): avc:  denied  { execute } for  pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc:  denied  { execute_no_trans } for  pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=AVC msg=audit(1129317799.804:19): avc:  denied  { read } for  pid=3424 comm="ifdown" name="consoletype" dev=dm-0 ino=622670 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.804:19): arch=40000003 syscall=11 success=yes exit=0 a0=8651a18 a1=8651a60 a2=8651580 a3=0 items=2 pid=3424 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="consoletype" exe="/sbin/consoletype"
type=AVC_PATH msg=audit(1129317799.804:19):  path="/sbin/consoletype"
type=AVC_PATH msg=audit(1129317799.804:19):  path="/sbin/consoletype"
type=CWD msg=audit(1129317799.804:19):  cwd="/"
type=PATH msg=audit(1129317799.804:19): item=0 name="/sbin/consoletype" flags=101  inode=622670 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.804:19): item=1 flags=101  inode=819233 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.844:20): avc:  denied  { execute_no_trans } for  pid=3421 comm="ifdown" name="ifdown-ppp" dev=dm-0 ino=20434 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.844:20): arch=40000003 syscall=11 success=yes exit=0 a0=864ece0 a1=864e660 a2=864e2c0 a3=0 items=3 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown-ppp" exe="/bin/bash"
type=AVC_PATH msg=audit(1129317799.844:20):  path="/etc/sysconfig/network-scripts/ifdown-ppp"
type=CWD msg=audit(1129317799.844:20):  cwd="/etc/sysconfig/network-scripts"
type=PATH msg=audit(1129317799.844:20): item=0 name="/etc/sysconfig/network-scripts/ifdown-ppp" flags=101  inode=20434 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.844:20): item=1 flags=101  inode=753755 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1129317799.844:20): item=2 flags=101  inode=819233 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1129317799.888:21): avc:  denied  { ioctl } for  pid=3421 comm="ifdown-ppp" name="ifdown-ppp" dev=dm-0 ino=20434 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1129317799.888:21): arch=40000003 syscall=54 success=no exit=-25 a0=3 a1=5401 a2=bf97d068 a3=bf97d0a8 items=0 pid=3421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifdown-ppp" exe="/bin/bash"
type=AVC_PATH msg=audit(1129317799.888:21):  path="/etc/sysconfig/network-scripts/ifdown-ppp"

The relevant section of the script is:

/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager --type=method_call /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.sleep

sync
echo -n "mem" > /sys/power/state

/usr/bin/dbus-send --system --dest=org.freedesktop.NetworkManager --type=method_call /org/freedesktop/NetworkManager org.freedesktop.NetworkManager.wake

>
> Dan
>
>

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs



