What am I doing wrong.
Colin Walters
walters at verbum.org
Wed Dec 22 13:05:29 PST 2010
On Wed, Dec 22, 2010 at 2:05 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In F14 and F15 I am getting this error in the log files for setroubleshootd.
>
>
> Dec 22 12:04:07 dhcp-10-16-61-93 dbus: [system] Rejected send message, 3
> matched rules; type="method_call", sender=":1.108" (uid=3267 pid=14339
> comm="/usr/bin/python) interface="org.freedesktop.DBus.Introspectable"
> member="Introspect" error name="(unset)" requested_reply=0
> destination="org.fedoraproject.Setroubleshootd" (uid=0 pid=14536
> comm="/usr/bin/python))
The (3 matched rules) is the important hint, along with knowing that
rules are applied in order we see them in the config file:
<policy context="default">
<allow send_destination="org.fedoraproject.Setroubleshootd"
send_interface="org.freedesktop.DBus.Introspectable"/>
<deny own="org.fedoraproject.Setroubleshootd"/>
<deny send_destination="org.fedoraproject.Setroubleshootd"/>
</policy>
You need to move the <allow> for Introspectable below the generic <deny>, i.e.:
<policy context="default">
<deny own="org.fedoraproject.Setroubleshootd"/>
<deny send_destination="org.fedoraproject.Setroubleshootd"/>
<allow send_destination="org.fedoraproject.Setroubleshootd"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
Actually both of the <deny> in that context are redundant, but not harmful.
More information about the dbus
mailing list