kismet - DBUS AVCs

Dominick Grift domg472 at gmail.com
Sun Jul 5 13:31:04 UTC 2009 

On Sun, 2009-07-05 at 14:45 +0200, Christoph A. wrote:
> Hi,
> 
> I'm running fedora 11.
> 
> rpm -qa selinux*
> selinux-policy-3.6.12-53.fc11.noarch
> selinux-policy-targeted-3.6.12-53.fc11.noarch
> 
> When I try to start kismet it failes with this error:
> 
> WARNING: Failed to connect to DBUS system, will not be able to control 
> networkmanager: Failed to connect to socket 
> /var/run/dbus/system_bus_socket: Permission denied
> WARNING: Failed to send 'sleep' command to networkmanager via DBUS, NM 
> may try to take control of the interfaces still.FATAL: Dump file error: 
> Unable to open dump file /home/kismet/dump/Jul-05-2009-14-26-09.dump (No 
> such file or directory)
> Sending termination request to channel control child 10743...
> WARNING: Error disabling monitor mode: mode set ioctl failed 16:Device 
> or resource busy
> WARNING: WIFI5100AGN (wlan0) left in an unknown state.  You may need to 
> manually
>           restart or reconfigure it for normal operation.
> WARNING: Sometimes cards don't always come out of monitor mode
>           cleanly.  If your card is not fully working, you may need to
>           restart or reconfigure it for normal operation.
> Waiting for channel control child 10743 to exit...
> Trying to wake networkmanager back up...
> WARNING: Failed to connect to DBUS system, will not be able to control 
> networkmanager: Failed to connect to socket 
> /var/run/dbus/system_bus_socket: Permission denied
> WARNING: Failed to send 'wake' command to networkmanager via DBUS, NM 
> may still be inactive.Kismet exiting.
> 
> 
> log:
> 
> node=localhost.localdomain type=AVC msg=audit(1246795836.328:420): avc: 
> denied { search } for pid=10334 comm="kismet_server" name="dbus" 
> dev=dm-1 ino=2000053 
> scontext=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir 
> node=localhost.localdomain type=SYSCALL msg=audit(1246795836.328:420): 
> arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe50b20 a2=bbeff4 
> a3=bfe50ccc items=0 ppid=10333 pid=10334 auid=500 uid=492 gid=496 
> euid=492 suid=492 fsuid=492 egid=496 sgid=496 fsgid=496 tty=pts0 ses=1 
> comm="kismet_server" exe="/usr/bin/kismet_server" 
> subj=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 key=(null)
> 
> 
> while searching the web I found a old but similar issue:
> http://www.linux-archive.org/fedora-selinux-support/195736-further-selinux-kismet.html
> 
> What should I do to successfully start kismet (without disabling SELinux)?

Probably:

mkdir ~/mykismet; cd ~/mykismet;
echo "policy_module(mykismet, 0.0.1)" > mykismet.te
echo "require { type kismet_t; }" >> mykismet.te
echo "dbus_system_bus_client(kismet_t) >> mykismet.te
make -f /usr/share/selinux/devel mykismet.pp
sudo semodule -i mykismet.po

> thanks
> Christoph
> (kismet.conf attached)
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090705/bcbe6840/attachment.sig>

More information about the fedora-selinux-list mailing list