Bug ID 1210207
Summary selinux: missing policy for dbus allow msg for xdm_t
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component MicroOS
Assignee kubic-bugs@opensuse.org
Reporter luca.dimaio1@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 866166 [details]
generated rule for selinux with audit2allow

After latest update of either gpg or selinux, now communication with gpg-agent
is denied by selinux:

Apr 06 09:47:58 localhost dbus-daemon[1914]: avc:  denied  { send_msg } for
msgtype=method_return dest=:1.1048 spid=1892 tpid=5585
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:spc_t:s0 tclass=dbus permissive=0


Running audit2why

avc:  denied  { send_msg } for msgtype=method_return dest=:1.1048 spid=1892
tpid=5585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:spc_t:s0 tclass=dbus permissive=0

    Was caused by:
        Missing type enforcement (TE) allow rule.

        You can use audit2allow to generate a loadable module to allow this
access.


In fact, audit2allow generates a valid module, and everything works like before

Attaching here the generated modules, loading them fixes the issue

You are receiving this mail because: