Bug#857660: SELinux: cannot sent policyload notice
On Tue, 21 Mar 2017 at 14:46:24 -0400, Stephen Smalley wrote: > On Tue, 2017-03-14 at 00:11 +0100, cgzones wrote: > > I created bug report against dbus 1.10 on Debian [1] due to failing > > to > > send policyload notices. > > Are there any objections or comments on the upstream patch[2]? > > Also, the patch looks correct to me. Thanks, I've cherry-picked it from master to the 1.10 branch. It will be in dbus 1.10.18, unless the Debian release team ask me to revert it. S
Bug#857660: SELinux: cannot sent policyload notice
On Tue, 2017-03-14 at 00:11 +0100, cgzones wrote: > Hi list, > I created bug report against dbus 1.10 on Debian [1] due to failing > to > send policyload notices. > Are there any objections or comments on the upstream patch[2]? Also, the patch looks correct to me. > The patch works for me: > > Mar 14 00:01:36 debianSE audit[441]: USER_AVC pid=441 uid=105 > auid=4294967295 ses=4294967295 > subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: > received policyload notice (seqno=3) > exe="/usr/bin/dbus-daemon" > sauid=105 hostname=? addr=? terminal=?' > Mar 14 00:01:36 debianSE dbus[441]: [system] Reloaded configuration > > Best regards, > Christian Göttsche > > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857660 > [2] https://cgit.freedesktop.org/dbus/dbus/commit/?id=a3a5935a0a038c3 > b44c61ce5719f0f7e647b96c6
Bug#857660: SELinux: cannot sent policyload notice
On Tue, 2017-03-14 at 00:11 +0100, cgzones wrote: > Hi list, > I created bug report against dbus 1.10 on Debian [1] due to failing > to > send policyload notices. > Are there any objections or comments on the upstream patch[2]? The patch has been working correctly in dbus 1.11 in Fedora for quite some time. > The patch works for me: > > Mar 14 00:01:36 debianSE audit[441]: USER_AVC pid=441 uid=105 > auid=4294967295 ses=4294967295 > subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: > received policyload notice (seqno=3) > exe="/usr/bin/dbus-daemon" > sauid=105 hostname=? addr=? terminal=?' > Mar 14 00:01:36 debianSE dbus[441]: [system] Reloaded configuration > > Best regards, > Christian Göttsche > > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857660 > [2] https://cgit.freedesktop.org/dbus/dbus/commit/?id=a3a5935a0a038c3 > b44c61ce5719f0f7e647b96c6
Bug#857660: SELinux: cannot sent policyload notice
Hi list, I created bug report against dbus 1.10 on Debian [1] due to failing to send policyload notices. Are there any objections or comments on the upstream patch[2]? The patch works for me: Mar 14 00:01:36 debianSE audit[441]: USER_AVC pid=441 uid=105 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received policyload notice (seqno=3) exe="/usr/bin/dbus-daemon" sauid=105 hostname=? addr=? terminal=?' Mar 14 00:01:36 debianSE dbus[441]: [system] Reloaded configuration Best regards, Christian Göttsche [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857660 [2] https://cgit.freedesktop.org/dbus/dbus/commit/?id=a3a5935a0a038c3b44c61ce5719f0f7e647b96c6
Bug#857660: SELinux: cannot sent policyload notice
On Mon, 13 Mar 2017 at 20:52:47 +0100, cgzones wrote: > on SELinux enabled systems, dbus cannot send the policyload notification. > > There is already a thread over at redhat [1], and bug reports at > redhat [2] and dbus [3]. > Please, cherry-pick the fix from upstream [4]. The reason it's only in 1.11.x so far, and not the 1.10.x stable branch, is that nobody who uses/knows SELinux seemed to be able to confirm that this is in fact correct. Is it correct? Does it work? If the combination of D-Bus and SELinux is important to you, it would be great to have a regular reviewer/tester who we can cc on SELinux-related patches. I know a reasonable amount about AppArmor, but I don't use SELinux, and the SELinux-specific code often doesn't have anyone willing to say that they're confident it's correct. S
Bug#857660: SELinux: cannot sent policyload notice
Package: dbus Version: 1.10.16-1 User: selinux-de...@lists.alioth.debian.org Usertags: selinux Hi, on SELinux enabled systems, dbus cannot send the policyload notification. There is already a thread over at redhat [1], and bug reports at redhat [2] and dbus [3]. Please, cherry-pick the fix from upstream [4]. Best regards, Christian Göttsche [1] https://www.redhat.com/archives/linux-audit/2015-November/msg2.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=1278602 [3] https://bugs.freedesktop.org/show_bug.cgi?id=92832 [4] https://cgit.freedesktop.org/dbus/dbus/commit/?id=a3a5935a0a038c3b44c61ce5719f0f7e647b96c6
