Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 426960 - dbus fails to start due to /run migration
Summary: dbus fails to start due to /run migration
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sven Vermeulen (RETIRED)
URL:
Whiteboard: sec-policy r15
Keywords:
Depends on:
Blocks: 424173
  Show dependency tree
 
Reported: 2012-07-17 10:05 UTC by Amadeusz Sławiński
Modified: 2012-10-04 18:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Amadeusz Sławiński 2012-07-17 10:05:16 UTC
# /etc/init.d/dbus start
Authenticating root.
Password: 
 * Starting D-BUS system messagebus ...
Failed to start message bus: Failed to bind socket "/var/run/dbus/system_bus_socket": Permission denied
 * start-stop-daemon: failed to start `/usr/bin/dbus-daemon'                                                                           [ !! ]
 * ERROR: dbus failed to start


In enforcing:
Jul 17 12:01:27 lain kernel: [  755.460810] type=1400 audit(1342519287.063:87): avc:  denied  { search } for  pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Jul 17 12:01:27 lain kernel: [  755.460845] type=1400 audit(1342519287.063:88): avc:  denied  { search } for  pid=3453 comm="dbus-daemon" name="dbus" dev="tmpfs" ino=4311 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:initrc_var_run_t tclass=dir

Not working:
# ls -lZ /run/ | grep dbus
drwxr-xr-x.  2 root root system_u:object_r:initrc_var_run_t    40 Jul 17 11:49 dbus

After manually restoring context
# restorecon -R /run/dbus/
# ls -lZ /run/ | grep dbus
drwxr-xr-x.  2 root root system_u:object_r:system_dbusd_var_run_t   40 Jul 17 11:49 dbus
# /etc/init.d/dbus start
Authenticating root.
Password: 
 * Starting D-BUS system messagebus ...                         

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 12:31:15 UTC
Is it the init script creating /run/dbus or the dbus daemon(s) itself? I'm assuming the init script (since the directory is currently labeled initrc_var_run_t) but it'd be nice if this can be confirmed.
Comment 2 Amadeusz Sławiński 2012-07-17 12:38:15 UTC
/var/run is link to /run

from init script:

	# We need to test if /var/run/dbus exists, since script will fail if it does not
	[ ! -e /var/run/dbus ] && mkdir /var/run/dbus
Comment 3 Jory A. Pratt gentoo-dev 2012-07-17 12:58:35 UTC
(In reply to comment #2)
> /var/run is link to /run
> 
> from init script:
> 
> 	# We need to test if /var/run/dbus exists, since script will fail if it
> does not
> 	[ ! -e /var/run/dbus ] && mkdir /var/run/dbus

tmpfs  			/run   		tmpfs  		mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t  0 0

do you have something similar in /etc/fstab, I start in enforcing with dbus and udev without a single problem from either daemon.
Comment 4 Amadeusz Sławiński 2012-07-17 13:47:10 UTC
Yes I have the exact same line

[ebuild   R    ] sys-apps/dbus-1.6.2  USE="X (selinux) -debug -doc -static-libs -systemd -test" 0 kB

For me it always fails
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 15:09:15 UTC
Is /var/run a symbolic link to /run and if so, did you do that yourself or was that created by Gentoo? My ~amd64 VMs don't have a symlink to /run...
Comment 6 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 15:28:25 UTC
It is... it is...
Comment 7 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-17 17:16:01 UTC
Will be fixed in rev15
Comment 8 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-21 20:16:27 UTC
r15 now in hardened-dev overlay
Comment 9 Sven Vermeulen (RETIRED) gentoo-dev 2012-07-28 09:27:40 UTC
In main tree, ~arched
Comment 10 Sven Vermeulen (RETIRED) gentoo-dev 2012-10-04 18:33:13 UTC
stabilized