|Summary:||DBus Manpage concerning SELinux wrong|
|Product:||dbus||Reporter:||Ralf Spenneberg <ralf>|
|Component:||core||Assignee:||D-Bus Maintainers <dbus>|
|Status:||RESOLVED MOVED||QA Contact:||D-Bus Maintainers <dbus>|
|i915 platform:||i915 features:|
Description Ralf Spenneberg 2016-08-29 05:50:45 UTC
We have played around with dbus and SELinux. The only available documentation appears to be the dbus manpage. Unfortunately the example concerning the associate given in this manpage is not correct: <associate own="org.freedesktop.Foobar" context="foo_t"/> This should associate the ownership of the dbus service org.freedesktop.Foobar to the selinux domain foo_t. Actually you have to specify the full security context: <associate own="org.freedesktop.Foobar" context="system_u:object_r:foo_t:s0"/>
Comment 1 Simon McVittie 2016-09-05 10:14:46 UTC
I don't know SELinux. Laurent, Colin, can you confirm that -<associate own="org.freedesktop.Foobar" context="foo_t"/> +<associate own="org.freedesktop.Foobar" context="system_u:object_r:foo_t:s0"/> is a correct change, or provide a different correct change?
Comment 2 Ralf Spenneberg 2016-09-05 13:42:39 UTC
Yes. This is the correct change. Thanks a lot. I should have provided the patch myself. Shame on me.
Comment 3 Laurent Bigonville 2016-10-03 14:53:06 UTC
@Ralf: Is this the context (I didn't verify myself) of the running process or the one of the file on disk? If it's the context of the process I would say that "system_u:system_r:foo_t:s0" as an example might be more correct
Comment 4 GitLab Migration User 2018-10-12 21:28:50 UTC
-- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/155.