Re: dbus reading /proc/X/cmdline

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: russell@coker.com.au
Cc: SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: dbus reading /proc/X/cmdline
Date: Wed, 04 Mar 2009 09:00:54 -0500	[thread overview]
Message-ID: <1236175254.2679.19.camel@localhost.localdomain> (raw)
In-Reply-To: <200903042309.37571.russell@coker.com.au>

On Wed, 2009-03-04 at 23:09 +1100, Russell Coker wrote:
> Why does the dbus-daemon want to read the cmdline of every process that it 
> talks to?  Is it something to allow or dontaudit?  It appears to work without 
> allowing it.
> 
> type=AVC msg=audit(1236168464.840:83): avc:  denied  { search } for  pid=2757 
> comm="dbus-daemon" name="2874" dev=proc ino=12535 
> scontext=unconfined_u:unconfined_r:system_dbusd_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
> type=AVC msg=audit(1236168464.840:83): avc:  denied  { read } for  pid=2757 
> comm="dbus-daemon" name="cmdline" dev=proc ino=12536 
> scontext=unconfined_u:unconfined_r:system_dbusd_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
> type=SYSCALL msg=audit(1236168464.840:83): arch=40000003 syscall=5 success=yes 
> exit=16 a0=b8481fa0 a1=0 a2=b3a a3=b84826c0 items=0 ppid=1 pid=2757 
> auid=4294967295 uid=103 gid=105 euid=103 suid=103 fsuid=103 egid=105 sgid=105 
> fsgid=105 tty=(none) ses=4294967295 comm="dbus-daemon" 
> exe="/usr/bin/dbus-daemon" 
> subj=unconfined_u:unconfined_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

It appears to fetch that information for logging purposes (comm= field).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2009-03-04 14:00 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-03-04 12:09 dbus reading /proc/X/cmdline Russell Coker
2009-03-04 14:00 ` Stephen Smalley [this message]
2009-03-04 15:45   ` Daniel J Walsh
2009-03-04 16:25     ` Stephen Smalley
2009-03-04 16:52       ` Daniel J Walsh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1236175254.2679.19.camel@localhost.localdomain \
    --to=sds@tycho.nsa.gov \
    --cc=russell@coker.com.au \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.