Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 426960

Summary: dbus fails to start due to /run migration
Product: Gentoo Linux Reporter: Amadeusz Sławiński <amade>
Component: SELinuxAssignee: Sven Vermeulen (RETIRED) <swift>
Status: VERIFIED FIXED    
Severity: normal CC: selinux
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: sec-policy r15
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 424173    

Description Amadeusz Sławiński 2012-07-17 10:05:16 UTC
# /etc/init.d/dbus start
Authenticating root.
Password: 
 * Starting D-BUS system messagebus ...
Failed to start message bus: Failed to bind socket "/var/run/dbus/system_bus_socket": Permission denied
 * start-stop-daemon: failed to start `/usr/bin/dbus-daemon'                                                                           [ !! ]
 * ERROR: dbus failed to start


In enforcing:
Jul 17 12:01:27 lain kernel: [  755.460810] type=1400 audit(1342519287.063:87): avc:  denied  { search } for  pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Jul 17 12:01:27 lain kernel: [  755.460845] type=1400 audit(1342519287.063:88): avc:  denied  { search } for  pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir

Not working:
# ls -lZ /run/ | grep dbus
drwxr-xr-x.  2 root root system_u:object_r:initrc_var_run_t    40 Jul 17 11:49 dbus

After manually restoring context
# restorecon -R /run/dbus/
# ls -lZ /run/ | grep dbus
drwxr-xr-x.  2 root root system_u:object_r:system_dbusd_var_run_t   40 Jul 17 11:49 dbus
# /etc/init.d/dbus start
Authenticating root.
Password: 
 * Starting D-BUS system messagebus ...                         

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 12:31:15 UTC
Is it the init script creating /run/dbus or the dbus daemon(s) itself? I'm assuming the init script (since the directory is currently labeled initrc_var_run_t) but it'd be nice if this can be confirmed.
Comment 2 Amadeusz Sławiński 2012-07-17 12:38:15 UTC
/var/run is link to /run

from init script:

	# We need to test if /var/run/dbus exists, since script will fail if it does not
	[ ! -e /var/run/dbus ] && mkdir /var/run/dbus
Comment 3 Jory A. Pratt gentoo-dev 2012-07-17 12:58:35 UTC
(In reply to comment #2)
> /var/run is link to /run
> 
> from init script:
> 
> 	# We need to test if /var/run/dbus exists, since script will fail if it
> does not
> 	[ ! -e /var/run/dbus ] && mkdir /var/run/dbus

tmpfs  			/run   		tmpfs  		mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t  0 0

do you have something similar in /etc/fstab, I start in enforcing with dbus and udev without a single problem from either daemon.
Comment 4 Amadeusz Sławiński 2012-07-17 13:47:10 UTC
Yes I have the exact same line

[ebuild   R    ] sys-apps/dbus-1.6.2  USE="X (selinux) -debug -doc -static-libs -systemd -test" 0 kB

For me it always fails
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 15:09:15 UTC
Is /var/run a symbolic link to /run and if so, did you do that yourself or was that created by Gentoo? My ~amd64 VMs don't have a symlink to /run...
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 15:28:25 UTC
It is... it is...
Comment 7 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 17:16:01 UTC
Will be fixed in rev15
Comment 8 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-21 20:16:27 UTC
r15 now in hardened-dev overlay
Comment 9 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-28 09:27:40 UTC
In main tree, ~arched
Comment 10 Sven Vermeulen (RETIRED) gentoo-dev 2012-10-04 18:33:13 UTC
stabilized