Avahi no longer starting after today's update [and hald]

Roger Grosswiler roger at gwch.net
Thu Jan 26 10:51:19 UTC 2006


On Thursday, 26.01.2006 at 11:31 +0100, Roger Grosswiler wrote:
> Since this day, avahi is no longer starting:
> 
> This comes from /var/log/messages:
> 
> Jan 26 11:25:36 niobe avahi-daemon[2358]: Successfully dropped root
> privileges.
> Jan 26 11:25:36 niobe avahi-daemon[2358]: avahi-daemon 0.6.4 starting
> up.
> Jan 26 11:25:36 niobe avahi-daemon[2358]: dbus_bus_get(): Failed to
> connect to socket /var/run/dbus/system_bus_socket: Permission denied
> 
> 
> Trying afterwards without selinux.
> 
> Roger
> 

Starts flawlessly in permissive mode, but not enforcing.

see /var/log/audit.log:

type=AVC msg=audit(1138271876.602:13): avc:  denied  { connectto } for
pid=2331  comm="avahi-daemon" name="system_bus_socket"
scontext=system_u:system_r:avahi_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1138271876.602:13): arch=40000003 syscall=102
success=yes  exit=0 a0=3 a1=bfbe6bf0 a2=4295d4 a3=1f items=1 pid=2331
auid=4294967295 uid=70  gid=70 euid=70 suid=70 fsuid=70 egid=70 sgid=70
fsgid=70 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon"
type=USER_AVC msg=audit(1138271876.718:14): user pid=2318 uid=81
auid=4294967295  msg='avc:  denied  { send_msg } for msgtype=method_call
interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus
spid=2331 scontext=system_u:system_r:avahi_t
tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81,
hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1138271876.730:15): user pid=2318 uid=81
auid=4294967295  msg='avc:  denied  { send_msg } for msgtype=method_call
interface=org.freedesktop.DBus member=RequestName
dest=org.freedesktop.DBus spid=2331 scontext=system_u:system_r:avahi_t
tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81,
hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1138271876.730:16): user pid=2318 uid=81
auid=4294967295  msg='avc:  denied  { acquire_svc } for
service=org.freedesktop.Avahi spid=2331
scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t
tclass=dbus : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1138271876.742:17): user pid=2318 uid=81
auid=4294967295  msg='avc:  denied  { send_msg } for msgtype=method_call
interface=org.freedesktop.DBus member=AddMatch
dest=org.freedesktop.DBus spid=2331 scontext=system_u:system_r:avahi_t
tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81,
hostname=?, addr=?, terminal=?)'


audit2allow means:

allow avahi_t initrc_t:unix_stream_socket { acquire_svc connectto
send_msg };


with hald the same (sorry copied everything with hal out
of /var/log/audit.log)

type=AVC msg=audit(1138271878.543:22): avc:  denied  { execute } for
pid=2356 comm="hald" name="hal-system-storage-cleanup-mountpoints"
dev=dm-0 ino=1763093 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1138271878.543:22): avc:  denied
{ execute_no_trans } for  pid=2356 comm="hald"
name="hal-system-storage-cleanup-mountpoints" dev=dm-0 ino=1763093
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=file
type=AVC msg=audit(1138271878.591:23): avc:  denied  { read } for
pid=2356 comm="hal-system-stor" name="media" dev=dm-0 ino=4630337
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0
tclass=dir
type=AVC msg=audit(1138271886.175:24): avc:  denied  { connectto } for
pid=2370 comm="hald-add-selinu" name="system_bus_socket"
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1138271886.175:24): arch=40000003 syscall=102
success=yes exit=0 a0=3 a1=bf82e960 a2=4295d4 a3=1f items=1 pid=2370
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="hald-add-selinu" exe="/usr/libexec/hald-add-selinux-mount-option"
type=AVC msg=audit(1138271886.579:25): avc:  denied  { getattr } for
pid=2351 comm="hald" name="/" dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
type=SYSCALL msg=audit(1138271886.579:25): arch=40000003 syscall=195
success=yes exit=0 a0=bfe3edce a1=bfe3ed4c a2=85fff4 a3=309 items=1
pid=2351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=AVC msg=audit(1138271886.583:26): avc:  denied  { search } for  pid=2351
comm="hald" name="fs" dev=proc ino=-268435429
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
type=SYSCALL msg=audit(1138271886.583:26): arch=40000003 syscall=195
success=yes exit=0 a0=bfe3edc9 a1=bfe3ed4c a2=85fff4 a3=309 items=1
pid=2351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=AVC msg=audit(1138271886.587:27): avc:  denied  { search } for  pid=2351
comm="hald" name="nfs" dev=dm-0 ino=261112
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1138271886.587:27): arch=40000003 syscall=195
success=yes exit=0 a0=bfe3edcb a1=bfe3ed4c a2=85fff4 a3=309 items=1
pid=2351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=USER_AVC msg=audit(1138271888.932:28): user pid=2318 uid=81 auid=4294967295
msg='avc:  denied  { acquire_svc } for service=org.freedesktop.Hal
spid=2351 scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81,
hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1138271944.629:161): avc:  denied  { execute } for
pid=2662 comm="hald" name="hal-system-storage-mount" dev=dm-0
ino=1763096 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1138271944.629:161): avc:  denied
{ execute_no_trans } for  pid=2662 comm="hald"
name="hal-system-storage-mount" dev=dm-0 ino=1763096
scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=file


and audit2allow:

allow hald_t boot_t:dir getattr;
allow hald_t initrc_t:unix_stream_socket connectto;
allow hald_t mnt_t:dir read;
allow hald_t sysctl_fs_t:dir search;
allow hald_t usr_t:file execute_no_trans;
allow hald_t var_lib_nfs_t:dir search;


HTH
Roger
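
Added example, not part of the original message and not audit2allow's own code: a small Python parser that turns AVC and USER_AVC denial records like the ones above into candidate allow rules, keyed on source type, target type and object class. The sample input is constructed from four of the records in this post, unwrapped to one line each; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four records from the post, unwrapped onto one line each.
SAMPLE = """\
type=AVC msg=audit(1138271876.602:13): avc:  denied  { connectto } for pid=2331 comm="avahi-daemon" name="system_bus_socket" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=USER_AVC msg=audit(1138271876.718:14): user pid=2318 uid=81 auid=4294967295 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=2331 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1138271876.730:16): user pid=2318 uid=81 auid=4294967295 msg='avc:  denied  { acquire_svc } for service=org.freedesktop.Avahi spid=2331 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
type=AVC msg=audit(1138271878.591:23): avc:  denied  { read } for pid=2356 comm="hal-system-stor" name="media" dev=dm-0 ino=4630337 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
"""

# Permission set, then source context, target context and object class.
DENIAL = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\w+)"
)


def sel_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denials_to_rules(text):
    """Group denied permissions by (source type, target type, class)."""
    perms = defaultdict(set)
    for line in text.splitlines():
        m = DENIAL.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records carry no denial
        key = (sel_type(m.group(2)), sel_type(m.group(3)), m.group(4))
        perms[key].update(m.group(1).split())
    rules = []
    for (src, tgt, cls), denied in sorted(perms.items()):
        names = sorted(denied)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE)))
```

Grouped this way, the avahi denials all show initrc_t as the target type, for both the unix_stream_socket and the dbus class.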







