We have played around with dbus and SELinux. The only available documentation appears to be the dbus manpage. Unfortunately the example concerning the associate given in this manpage is not correct:
<associate own="org.freedesktop.Foobar" context="foo_t"/>
This should associate the ownership of the dbus service org.freedesktop.Foobar to the selinux domain foo_t. Actually you have to specify the full security context:
<associate own="org.freedesktop.Foobar" context="system_u:object_r:foo_t:s0"/>
I don't know SELinux. Laurent, Colin, can you confirm that
-<associate own="org.freedesktop.Foobar" context="foo_t"/>
+<associate own="org.freedesktop.Foobar" context="system_u:object_r:foo_t:s0"/>
is a correct change, or provide a different correct change?
Yes. This is the correct change. Thanks a lot. I should have provided the patch myself. Shame on me.
@Ralf: Is this the context (I didn't verify myself) of the running process or the one of the file on disk?
If it's the context of the process I would say that "system_u:system_r:foo_t:s0" as an example might be more correct
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/155.