Here is a patch that Bill Nottingham recently put into the Fedora dbus package to stop the daemon from aborting on selinux denials.
Created attachment 11578 [details] [review] dbus-1.1.2-no-abort.patch
See discussion on the list, there is a second abort in the same place that this potentially doesn't fix.
committed with reworked patch which only sets the error if no error has be set: diff --git a/bus/bus.c b/bus/bus.c index 99e4856..864e48b 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -1180,27 +1180,23 @@ bus_context_check_security_policy (BusContext *context, dbus_message_get_error_name (message), dest ? dest : DBUS_SERVICE_DBUS, error)) { + if (error != NULL && !dbus_error_is_set (error)) + { + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "An SELinux policy prevents this sender " + "from sending this message to this recipient " + "(rejected message had interface \"%s\" " + "member \"%s\" error name \"%s\" destination \"%s\")", + dbus_message_get_interface (message) ? + dbus_message_get_interface (message) : "(unset)", + dbus_message_get_member (message) ? + dbus_message_get_member (message) : "(unset)", + dbus_message_get_error_name (message) ? + dbus_message_get_error_name (message) : "(unset)", + dest ? dest : DBUS_SERVICE_DBUS); + _dbus_verbose ("SELinux security check denying send to service\n"); + } - if (dbus_error_is_set (error) && - dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) - { - return FALSE; - } - - - dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, - "An SELinux policy prevents this sender " - "from sending this message to this recipient " - "(rejected message had interface \"%s\" " - "member \"%s\" error name \"%s\" destination \"%s\")", - dbus_message_get_interface (message) ? - dbus_message_get_interface (message) : "(unset)", - dbus_message_get_member (message) ? - dbus_message_get_member (message) : "(unset)", - dbus_message_get_error_name (message) ? - dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS); - _dbus_verbose ("SELinux security check denying send to service\n"); return FALSE; }
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.