Written by: Martin Orr Let dbus run /usr/lib/dbus-1.0/dbus-daemon-launch-helper Let dbus read /var/run/ConsoleKit Nov 22 22:00:04 caligula kernel: type=1400 audit(1227391204.922:5): avc: denied { execute_no_trans }for pid=3230 comm="dbus-daemon" path="/usr/lib/dbus-1.0/dbus-daemon-launch-helper" dev=dm-0 ino=405623 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file type=SYSCALL msg=audit(1305131267.896:43): arch=c000003e syscall=21 success=no exit=-13 a0=7f06c42920a0 a1=0 a2=0 a3=0 items=0 ppid=1 pid=2595 auid=4294967295 uid=103 gid=104 euid=103 suid=103 fsuid=103 egid=104 sgid=104 fsgid=104 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/usr/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1305131267.896:43): avc: denied { search } for pid=2595 comm="dbus-daemon" name="console" dev=tmpfs ino=6412 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:consolekit_var_run_t:s0 tclass=dir Index: policy/modules/services/dbus.te =================================================================== --- policy/modules/services/dbus.te.orig +++ policy/modules/services/dbus.te @@ -141,6 +141,10 @@ ') optional_policy(` + consolekit_read_pid_files(system_dbusd_t) +') + +optional_policy(` policykit_dbus_chat(system_dbusd_t) policykit_domtrans_auth(system_dbusd_t) policykit_search_lib(system_dbusd_t) Index: policy/modules/services/dbus.fc =================================================================== --- policy/modules/services/dbus.fc.orig +++ policy/modules/services/dbus.fc 
@@ -6,6 +6,7 @@ /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0) /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0) +/usr/lib/dbus-1\.0/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0) /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0) /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
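
Review bot: In the dbus.te hunk (@@ -141,6 +141,10 @@), the added consolekit_read_pid_files(system_dbusd_t) call is backed only by a { search } denial on a consolekit_var_run_t directory (name="console"), so the interface may grant more than the quoted log justifies. The commit message should say which files under that directory dbus-daemon actually reads, or the call should be replaced with a narrower interface if directory search is all that is needed. The message also names /var/run/ConsoleKit while the denial shows name="console" on tmpfs; it would help to state which path the rule is meant to cover.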
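
Review bot: In the dbus.fc hunk (@@ -6,6 +6,7 @@), the new /usr/lib/dbus-1\.0/dbus-daemon-launch-helper entry only takes effect once the file is relabelled, and the quoted denial shows it still carrying lib_t; the commit message should mention the relabel step (for example restorecon on that path). The patch adds no allow rule for the execute_no_trans denial, so please confirm that the denial is gone once the helper carries dbusd_exec_t, as with the other launch-helper paths in this file. The two denials carry unrelated audit timestamps (1227391204 and 1305131267) and address separate problems, so splitting the label change and the ConsoleKit access into two patches would make each easier to review and revert.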