[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SELinux is preventing dbus-daemon(/bin/dbus-daemon) (system_dbusd_t) "read" to <Unknown> (inotifyfs_t).



Dear all,

as of yesterday's updates, I get a bunch of
dbus-deamon denials, the cpu went to 99-100% during
the update and running top showed dbus-daemon to be up
there causing trouble.  When I rebooted the machine,
Selinux caught the act which is summarized below.

Thanks,

Antonio 

Summary:

SELinux is preventing dbus-daemon(/bin/dbus-daemon)
(system_dbusd_t) "read" to <Unknown>
(inotifyfs_t).

Detailed Description:

SELinux denied access requested by
dbus-daemon(/bin/dbus-daemon). It is not
expected that this access is required by
dbus-daemon(/bin/dbus-daemon) and this
access may signal an intrusion attempt. It is also
possible that the specific
version or configuration of the application is causing
it to require additional
access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials.
You could try to restore
the default system file context for <Unknown>,

restorecon -v <Unknown>

If this does not work, there is currently no automatic
way to allow this access.
Instead, you can generate a local policy module to
allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
Or you can disable
SELinux protection altogether. Disabling SELinux
protection is not recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context               
system_u:system_r:system_dbusd_t
Target Context               
system_u:object_r:inotifyfs_t
Target Objects                None [ dir ]
Source                       
dbus-daemon(/bin/dbus-daemon)
Port                          <Unknown>
Host                          localhost
Source RPM Packages           
Target RPM Packages           
Policy RPM                   
selinux-policy-3.2.5-12.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost
Platform                      Linux localhost
2.6.24-0.155.rc7.git6.fc9 #1 SMP
                              Tue Jan 15 17:52:31 EST
2008 i686 athlon
Alert Count                   1026
First Seen                    Mon 21 Jan 2008 07:18:32
AM CST
Last Seen                     Mon 21 Jan 2008 07:19:08
AM CST
Local ID                     
4b1ce20c-c683-40fb-a014-85dbe8d69052
Line Numbers                  

Raw Audit Messages            

host=localhost type=AVC
msg=audit(1200921548.546:1057): avc:  denied  { read }
for  pid=1898 comm="dbus-daemon" path="inotify"
dev=inotifyfs ino=1
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

host=localhost type=SYSCALL
msg=audit(1200921548.546:1057): arch=40000003
syscall=3 success=no exit=-13 a0=5 a1=bfae1fe0 a2=10
a3=b8608508 items=0 ppid=1 pid=1898 auid=4294967295
uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81
fsgid=81 tty=(none) comm="dbus-daemon"
exe="/bin/dbus-daemon"
subj=system_u:system_r:system_dbusd_t:s0 key=(null)





      ____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]