Rawhide kernel/etc. breaks sound, system_dbusd_t AVCs

Tom London selinux at gmail.com
Sat Jan 26 18:56:03 UTC 2008


Running today's rawhide, targeted/enforcing.

Booting up after applying today's updates, sound is disabled, and the
following AVCs are logged:

type=AVC msg=audit(1201370968.279:17): avc:  denied  { execute } for
pid=3936 comm="dbus-daemon-lau" name="console-kit-daemon" dev=dm-0
ino=5490198 scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1201370968.279:17): arch=40000003 syscall=11
success=no exit=-13 a0=9253c30 a1=9253bb0 a2=9253008 a3=de799c items=0
ppid=3935 pid=3936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="dbus-daemon-lau"
exe="/lib/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0 key=(null)
type=AVC msg=audit(1201370973.064:18): avc:  denied  { execute } for
pid=4149 comm="dbus-daemon-lau" name="console-kit-daemon" dev=dm-0
ino=5490198 scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1201370973.064:18): arch=40000003 syscall=11
success=no exit=-13 a0=9113c30 a1=9113bb0 a2=9113008 a3=de799c items=0
ppid=4148 pid=4149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="dbus-daemon-lau"
exe="/lib/dbus-1/dbus-daemon-launch-helper"
subj=system_u:system_r:system_dbusd_t:s0 key=(null)
<<< REPEATS >>>



#============= system_dbusd_t ==============
# Rule matching the enforcing-mode denials quoted above: the D-Bus launch
# helper (exe=/lib/dbus-1/dbus-daemon-launch-helper, running as
# system_dbusd_t) got exit=-13 (EACCES) on syscall=11 (execve on this i386
# arch) when starting console-kit-daemon, which is labelled consolekit_exec_t.
# NOTE(review): a bare execute permission does not say which domain the
# daemon would run in. Presumably a transition into the ConsoleKit domain is
# intended rather than running it inside system_dbusd_t; confirm against the
# policy before loading this as a local rule.
allow system_dbusd_t consolekit_exec_t:file execute;

Rebooting in permissive mode enables sound, but produces a host of
AVCs (/var/log/audit/audit.log attached):


#============= system_dbusd_t ==============
# Rules corresponding to the denials logged during the permissive-mode boot.
# The AVC records themselves are in the attached audit.log and are not quoted
# in this message.
# NOTE(review): in permissive mode nothing is blocked, so this list is every
# access system_dbusd_t attempted, not the minimum needed to restore sound.
# Trace each rule back to its AVC before putting any of it in a local module.
#
# NOTE(review): the same trio recurs for NetworkManager_t, hald_t,
# unconfined_t and xdm_t: dir search + file { read getattr } + process ptrace
# (polkit_auth_t gets the dir/file pair but no ptrace). Together with
# self:capability sys_ptrace this looks like the bus daemon inspecting
# per-process entries of its peers, presumably under /proc; confirm against
# the log. Granting process ptrace over those domains, unconfined_t in
# particular, is far broader than reading a peer's process information, so
# these rules should be treated as a symptom to report, not a fix to load.
allow system_dbusd_t NetworkManager_t:dir search;
allow system_dbusd_t NetworkManager_t:file { read getattr };
allow system_dbusd_t NetworkManager_t:process ptrace;
# Superset of the enforcing-mode rule: adds read and execute_no_trans, i.e.
# console-kit-daemon executed without leaving system_dbusd_t.
allow system_dbusd_t consolekit_exec_t:file { read execute execute_no_trans };
allow system_dbusd_t hald_t:dbus send_msg;
allow system_dbusd_t hald_t:dir search;
allow system_dbusd_t hald_t:file { read getattr };
allow system_dbusd_t hald_t:process ptrace;
allow system_dbusd_t polkit_auth_t:dbus send_msg;
allow system_dbusd_t polkit_auth_t:dir search;
allow system_dbusd_t polkit_auth_t:file { read getattr };
allow system_dbusd_t self:capability { sys_nice sys_ptrace };
allow system_dbusd_t self:fifo_file getattr;
allow system_dbusd_t self:process getsched;
allow system_dbusd_t system_crond_var_lib_t:dir search;
allow system_dbusd_t system_crond_var_lib_t:file read;
allow system_dbusd_t tty_device_t:chr_file { read ioctl };
allow system_dbusd_t unconfined_t:dbus send_msg;
allow system_dbusd_t unconfined_t:dir search;
allow system_dbusd_t unconfined_t:file { read getattr };
allow system_dbusd_t unconfined_t:process ptrace;
# NOTE(review): append/setattr on generic var_log_t files. Which log file is
# touched is not visible here; check the name= field of the matching AVC in
# the attached log.
allow system_dbusd_t var_log_t:dir search;
allow system_dbusd_t var_log_t:file { read getattr append setattr };
allow system_dbusd_t xdm_t:dbus send_msg;
allow system_dbusd_t xdm_t:dir search;
allow system_dbusd_t xdm_t:file { read getattr };
allow system_dbusd_t xdm_t:process ptrace;

Nothing seems mislabeled in /etc, /*bin, /lib, /usr/*bin, ....

tom
-- 
Tom London
-------------- next part --------------
A non-text attachment was scrubbed...
Name: log2
Type: application/octet-stream
Size: 33113 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080126/209de587/attachment.obj>

