What am I doing wrong.

Colin Walters walters at verbum.org
Wed Dec 22 13:05:29 PST 2010


On Wed, Dec 22, 2010 at 2:05 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In F14 and F15 I am getting this error in the log files for setroubleshootd.
>
>
> Dec 22 12:04:07 dhcp-10-16-61-93 dbus: [system] Rejected send message, 3
> matched rules; type="method_call", sender=":1.108" (uid=3267 pid=14339
> comm="/usr/bin/python) interface="org.freedesktop.DBus.Introspectable"
> member="Introspect" error name="(unset)" requested_reply=0
> destination="org.fedoraproject.Setroubleshootd" (uid=0 pid=14536
> comm="/usr/bin/python))

The (3 matched rules) is the important hint, along with knowing that
rules are applied in order we see them in the config file:

       <policy context="default">
               <allow send_destination="org.fedoraproject.Setroubleshootd"
                      send_interface="org.freedesktop.DBus.Introspectable"/>
               <deny own="org.fedoraproject.Setroubleshootd"/>
               <deny send_destination="org.fedoraproject.Setroubleshootd"/>
       </policy>

You need to move the <allow> for Introspectable below the generic <deny>, i.e.:

       <policy context="default">
               <deny own="org.fedoraproject.Setroubleshootd"/>
               <deny send_destination="org.fedoraproject.Setroubleshootd"/>
               <allow send_destination="org.fedoraproject.Setroubleshootd"
                      send_interface="org.freedesktop.DBus.Introspectable"/>
       </policy>

Actually both of the <deny> in that context are redundant, but not harmful.


More information about the dbus mailing list