# /etc/init.d/dbus start
Authenticating root.
Password:
* Starting D-BUS system messagebus ...
Failed to start message bus: Failed to bind socket "/var/run/dbus/system_bus_socket": Permission denied
* start-stop-daemon: failed to start `/usr/bin/dbus-daemon' [ !! ]
* ERROR: dbus failed to start

In enforcing:

Jul 17 12:01:27 lain kernel: [ 755.460810] type=1400 audit(1342519287.063:87): avc: denied { search } for pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Jul 17 12:01:27 lain kernel: [ 755.460845] type=1400 audit(1342519287.063:88): avc: denied { search } for pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir

Not working:

# ls -lZ /run/ | grep dbus
drwxr-xr-x. 2 root root system_u:object_r:initrc_var_run_t 40 Jul 17 11:49 dbus

After manually restoring context

# restorecon -R /run/dbus/
# ls -lZ /run/ | grep dbus
drwxr-xr-x. 2 root root system_u:object_r:system_dbusd_var_run_t 40 Jul 17 11:49 dbus
# /etc/init.d/dbus start
Authenticating root.
Password:
* Starting D-BUS system messagebus ...

Reproducible: Always
Is it the init script creating /run/dbus or the dbus daemon(s) itself? I'm assuming the init script (since the directory is currently labeled initrc_var_run_t) but it'd be nice if this can be confirmed.
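Added illustration, not part of the original thread and not code from Gentoo's policy or init scripts: a small parser that reduces the two AVC denials quoted in the report to one distinct (source type, target type, class, permission, name) tuple and flags the target label as inherited from the init script domain. The function names are hypothetical, and treating an `initrc_` prefix on the target type as "created by the init script without a type transition" is an assumption taken from the reasoning in the comment above.

```python
import re
from collections import Counter

# Sample input: the two denials quoted in the report above.
SAMPLE = """\
Jul 17 12:01:27 lain kernel: [ 755.460810] type=1400 audit(1342519287.063:87): avc: denied { search } for pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Jul 17 12:01:27 lain kernel: [ 755.460845] type=1400 audit(1342519287.063:88): avc: denied { search } for pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of AVC fields, or None if the line is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # An SELinux context is user:role:type[:mls]; the type is the third field.
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        rec[side[0] + 'type'] = parts[2] if len(parts) > 2 else None
    return rec


def summarize(log_text):
    """Count distinct denials, ignoring pid, inode and timestamps."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec['stype'], rec['ttype'], rec.get('tclass'),
                    tuple(rec['perms']), rec.get('name'))] += 1
    return counts


def created_by_init_script(ttype):
    """Heuristic (assumption): an initrc_* target type means the object kept
    the init script domain's default label instead of the daemon's own type."""
    return bool(ttype) and ttype.startswith('initrc_')


if __name__ == '__main__':
    for (stype, ttype, tclass, perms, name), n in summarize(SAMPLE).items():
        hint = 'relabel candidate' if created_by_init_script(ttype) else ''
        print(n, stype, '->', ttype, tclass, perms, name, hint)
```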
/var/run is a link to /run

from init script:

# We need to test if /var/run/dbus exists, since script will fail if it does not
[ ! -e /var/run/dbus ] && mkdir /var/run/dbus
(In reply to comment #2)
> /var/run is link to /run
>
> from init script:
>
> # We need to test if /var/run/dbus exists, since script will fail if it does not
> [ ! -e /var/run/dbus ] && mkdir /var/run/dbus

tmpfs /run tmpfs mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t 0 0

Do you have something similar in /etc/fstab? I start in enforcing with dbus and udev without a single problem from either daemon.
Yes I have the exact same line

[ebuild R ] sys-apps/dbus-1.6.2 USE="X (selinux) -debug -doc -static-libs -systemd -test" 0 kB

For me it always fails
Is /var/run a symbolic link to /run and if so, did you do that yourself or was that created by Gentoo? My ~amd64 VMs don't have a symlink to /run...
It is... it is...
Will be fixed in rev15
r15 now in hardened-dev overlay
In main tree, ~arched
stabilized