commit: dcdc4e1b5d64f745c958adf1efece17b3fec67c1
Author: Clayton Casciato <ccasciato <AT> 21sw <DOT> us>
AuthorDate: Tue May 27 00:35:20 2025 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Jul 15 07:51:51 2025 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=dcdc4e1b
unconfined: allow firewalld_t unconfined_t:dbus send_msg
~# firewall-cmd --state
ERROR:dbus.proxies:Introspect error on
:1.3:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException:
org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible
causes include: the remote application did not send a reply, the
message bus security policy blocked the reply, the reply timeout
expired, or the network connection was broken.
--
type=USER_AVC pid=178 uid=messagebus auid=unset ses=unset
subj=system_u:system_r:system_dbusd_t:s0
msg='avc: denied { send_msg } for msgtype=method_return dest=:1.8
spid=228 tpid=525 scontext=system_u:system_r:firewalld_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=dbus exe=/usr/bin/dbus-daemon sauid=messagebus hostname=? addr=?
terminal=?'
--
Fedora:
$ sesearch -A --source firewalld_t --target unconfined_t --class dbus
allow nsswitch_domain dbusd_unconfined:dbus send_msg;
allow system_bus_type dbusd_unconfined:dbus send_msg;
Signed-off-by: Clayton Casciato <ccasciato <AT> 21sw.us>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/system/unconfined.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/system/unconfined.te
b/policy/modules/system/unconfined.te
index 176c7d079..fb5494e5a 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -106,6 +106,10 @@ optional_policy(`
dpkg_run(unconfined_t, unconfined_r)
')
+optional_policy(`
+ firewalld_dbus_chat(unconfined_t)
+')
+
optional_policy(`
firstboot_run(unconfined_t, unconfined_r)
')
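Review bot: The new `firewalld_dbus_chat(unconfined_t)` block has no comment recording why it is needed, and the commit title names only the firewalld_t to unconfined_t direction. The interface definition is not visible in this hunk, but `*_dbus_chat` interfaces in refpolicy conventionally allow `send_msg` in both directions, so the grant is probably broader than the single `method_return` denial in the log. That is likely harmless because unconfined_t can presumably already message firewalld_t, but it is worth stating so the rule is not later mistaken for a one-way allow. I would add a line above the call such as `# firewalld_t must be able to return D-Bus replies (method_return) to unconfined_t callers, e.g. firewall-cmd`. Unlike the Fedora rules quoted in the description, which are attribute-based, this covers only unconfined_t, so other bus services replying to unconfined callers would each need their own block.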