View Issue Details

IDProjectCategoryView StatusLast Update
0014615CentOS-7selinux-policypublic2020-02-06 18:05
Reportercparg Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
OS Version7 
Summary0014615: SELinux is preventing /usr/bin/dbus-launch from read, open access on the file /usr/bin/dbus-daemon.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/dbus-launch from read, open access on the file /usr/bin/dbus-daemon.

***** Plugin catchall (100. confidence) suggests **************************

If sie denken, dass es dbus-launch standardmäßig erlaubt sein sollte, read open Zugriff auf dbus-daemon file zu erhalten.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
allow this access for now by executing:
# ausearch -c 'dbus-launch' --raw | audit2allow -M my-dbuslaunch
# semodule -i my-dbuslaunch.pp

Additional Information:
Source Context system_u:system_r:pulseaudio_t:s0
Target Context system_u:object_r:dbusd_exec_t:s0
Target Objects /usr/bin/dbus-daemon [ file ]
Source dbus-launch
Source Path /usr/bin/dbus-launch
Port <Unknown>
Host (removed)
Source RPM Packages dbus-x11-1.6.12-17.el7.x86_64
Target RPM Packages dbus-1.6.12-17.el7.x86_64
Policy RPM selinux-policy-3.13.1-166.el7_4.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 4.15.7-1.el7.elrepo.x86_64 #1 SMP
                              Wed Feb 28 14:38:13 EST 2018 x86_64 x86_64
Alert Count 28
First Seen 2018-03-18 13:41:41 CET
Last Seen 2018-03-19 20:26:14 CET
Local ID efe0bc71-06d7-4713-8706-2d01e15913cd

Raw Audit Messages
type=AVC msg=audit(1521487574.184:794): avc: denied { read open } for pid=27003 comm="dbus-launch" path="/usr/bin/dbus-daemon" dev="dm-1" ino=4992676 scontext=system_u:system_r:pulseaudio_t:s0 tcontext=system_u:object_r:dbusd_exec_t:s0 tclass=file permissive=0

type=SYSCALL msg=audit(1521487574.184:794): arch=x86_64 syscall=execve success=no exit=EACCES a0=7ffcc5097fa1 a1=7ffcc5098090 a2=7ffcc509a788 a3=a2e68746170206c items=0 ppid=27002 pid=27003 auid=18914 uid=18914 gid=1000 euid=18914 suid=18914 fsuid=18914 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=3 comm=dbus-launch exe=/usr/bin/dbus-launch subj=system_u:system_r:pulseaudio_t:s0 key=(null)

Hash: dbus-launch,pulseaudio_t,dbusd_exec_t,file,read,open

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 4.15.11-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.




2020-02-06 18:05

reporter   ~0036220

does anybody care ?
SElinux seems unusable... too many false alarms.

Issue History

Date Modified Username Field Change
2018-03-23 18:53 cparg New Issue
2020-02-06 18:05 cparg Note Added: 0036220