Bug 1647121

Summary: systemd-user-ru not allowed read access on the dbus-1 directory
Product: [Fedora] Fedora
Reporter: Fabrizio <erfabbri>
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: unspecified
Version: 29
CC: dwalsh, erfabbri, lvrabec, mgrepl, plautrba
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Last Closed: 2018-11-06 17:46:41 UTC
Type: Bug

Description Fabrizio 2018-11-06 17:25:25 UTC
Description of problem: Just after upgrading to Fedora 29, the SELinux alert pops up at every boot.


Version-Release number of selected component (if applicable): selinux-policy-3.14.2-40.fc29.noarch


Additional info:
SELinux impedisce a systemd-user-ru un accesso read su cartella dbus-1.
***** Plugin catchall(100. confidenza) suggerisce**************************

If you believe that systemd-user-ru should be allowed read access on the dbus-1 directory by default.
Quindi si dovrebbe riportare il problema come bug.
E' possibile generare un modulo di politica locale per consentire questo accesso.
Fai
allow this access for now by executing:
# ausearch -c 'systemd-user-ru' --raw | audit2allow -M my-systemduserru
# semodule -X 300 -i my-systemduserru.pp

Informazioni addizionali:
Contesto della sorgente       system_u:system_r:init_t:s0
Contesto target               unconfined_u:object_r:session_dbusd_tmp_t:s0
Oggetti target                dbus-1 [ dir ]
Sorgente                      systemd-user-ru
Percorso della sorgente       systemd-user-ru
Porta                         <Sconosciuto>
Host                          Host2
Sorgente Pacchetti RPM        
Pacchetti RPM target          
RPM della policy              selinux-policy-3.14.2-40.fc29.noarch
Selinux abilitato             True
Tipo di politica              targeted
Modalità Enforcing            Enforcing
Host Name                     Host2
Piattaforma                   Linux Host2 4.18.16-300.fc29.x86_64 #1 SMP Sat
                              Oct 20 23:24:08 UTC 2018 x86_64 x86_64
Conteggio avvisi              3
Primo visto                   2018-11-05 22:04:49 CET
Ultimo visto                  2018-11-06 18:06:55 CET
ID locale                     588f34f7-2f67-40cc-b872-070f164f40ef

Messaggi Raw Audit
type=AVC msg=audit(1541524015.519:247): avc:  denied  { read } for  pid=2002 comm="systemd-user-ru" name="dbus-1" dev="tmpfs" ino=28386 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=dir permissive=0


Hash: systemd-user-ru,init_t,session_dbusd_tmp_t,dir,read

Comment 1 Lukas Vrabec 2018-11-06 17:46:41 UTC

*** This bug has been marked as a duplicate of bug 1644313 ***