kismet - DBUS AVCs
Christoph A.
casmls at gmail.com
Sun Jul 5 18:59:57 UTC 2009
>> make -f /usr/share/selinux/devel/Makefile mykismet.pp
>>> sudo semodule -i mykismet.po
the module was loaded successfull:
semodule -l|grep myk
mykismet 0.0.1
> By the way you might need to give it even more permissions. The DBUS
> daemon object manager logs a lot of stuff to /var/log/messages instead
> of /var/log/audit/audit.log.
>
> I could for example imagine kismet wanting to send dbus msgs to
> network-manager or both dbus chatting to each other.
you are right:
type=USER_AVC msg=audit(1246817621.469:1260): user pid=1652 uid=81
auid=4294967295 ses=4294967295
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied
{ send_msg } for msgtype=signal interface=org.freedesktop.NetworkManager
member=sleep dest=org.freedesktop.NetworkManager spid=18051 tpid=1850
scontext=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus :
exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
starting kismet in enforcing mode gives me:
NOTICE: configdir '/root/' does not exist, making it.
FATAL: Could not make configdir: File exists
Before adding more homemade rules:
I'm wondering if all other kismet users are turning off SELinux or if I
have a special setup where the default rules of the kismet 1.2.0 module
do not work?
Also because Dan mentioned [1] that he will add dbus rules to solve
these denies.
The only thing that is non-standard in my config is the logtemplate
configuration (see kismet.conf).
[1]
http://www.linux-archive.org/fedora-selinux-support/195736-further-selinux-kismet.html
thanks
Christoph
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: kismet.conf
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090705/7eee2877/attachment.conf>
More information about the fedora-selinux-list
mailing list