LinuxQuestions.org
Old 09-04-2010, 01:08 PM   #1
spoovy
Tomboy/GLib-related SELinux problem? on Debian Squeeze


Hi. I can't get Tomboy to work on my Debian Squeeze box. I've started to use it a lot on my laptop so really need it on here as well. I installed with aptitude, and tried to run it. Didn't work - I had SELinux still activated, silly me. So I did what I usually do, turned SEL to permissive, rebooted, and tried to open again. Still didn't work, although I am getting an SEL-related error message -

Code:
spoovy@dandelion:~$ tomboy

Unhandled Exception: GLib.GException: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details —  1: Failed to get connection to session: An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" error name "(unset)" destination "org.freedesktop.DBus"))
  at GConf.Client.GetConnections (System.String dir) [0x00000] 
  at GConf.Client.AddNotify (System.String dir, GConf.NotifyEventHandler notify) [0x00000] 
  at Tomboy.GConfPreferencesClient.AddNotify (System.String dir, Tomboy.NotifyEventHandler notify) [0x00000] 
  at Tomboy.Preferences.get_Client () [0x00000] 
  at Tomboy.Preferences.Get (System.String key) [0x00000] 
  at Tomboy.TomboyTray.MakeTrayNotesMenu () [0x00000] 
  at Tomboy.TomboyTray..ctor (Tomboy.NoteManager manager) [0x00000] 
  at Tomboy.TomboyTray..ctor (Tomboy.NoteManager manager, ITomboyTray tray) [0x00000] 
  at Tomboy.TomboyTrayIcon..ctor (Tomboy.NoteManager manager) [0x00000] 
  at Tomboy.Tomboy.StartTrayIcon () [0x00000] 
  at Tomboy.Tomboy.Main (System.String[] args) [0x00000]
So I tried to create my SEL module as I normally would -

Code:
spoovy@dandelion:~$ sudo audit2allow -l -a -M seltomboy
/sbin/audispd permissions should be 0750
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i seltomboy.pp

spoovy@dandelion:~$ sudo semodule -i seltomboy.pp
libsepol.check_assertion_helper: neverallow violated by allow system_dbusd_t fixed_disk_device_t:blk_file { read };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!
spoovy@dandelion:~$ chmod 0750 /sbin/audispd
chmod: changing permissions of `/sbin/audispd': Operation not permitted
spoovy@dandelion:~$ sudo chmod 0750 /sbin/audispd
spoovy@dandelion:~$ sudo semodule -i seltomboy.pp
libsepol.check_assertion_helper: neverallow violated by allow system_dbusd_t fixed_disk_device_t:blk_file { read };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!
spoovy@dandelion:~$ sudo getenforce
Permissive
spoovy@dandelion:~$
As you can see I checked that SEL is permissive, and it is. So I don't understand this at all. Anyone got any ideas?

Thanks in advance

spoov


edit

I changed file permissions of /sbin/audispd as suggested, and tried the whole thing as root. Still the same result -

Code:
root@dandelion:~# tomboy

Unhandled Exception: GLib.GException: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details —  1: Failed to get connection to session: An SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" error name "(unset)" destination "org.freedesktop.DBus"))
  at GConf.Client.GetConnections (System.String dir) [0x00000] 
  at GConf.Client.AddNotify (System.String dir, GConf.NotifyEventHandler notify) [0x00000] 
  at Tomboy.GConfPreferencesClient.AddNotify (System.String dir, Tomboy.NotifyEventHandler notify) [0x00000] 
  at Tomboy.Preferences.get_Client () [0x00000] 
  at Tomboy.Preferences.Get (System.String key) [0x00000] 
  at Tomboy.TomboyTray.MakeTrayNotesMenu () [0x00000] 
  at Tomboy.TomboyTray..ctor (Tomboy.NoteManager manager) [0x00000] 
  at Tomboy.TomboyTray..ctor (Tomboy.NoteManager manager, ITomboyTray tray) [0x00000] 
  at Tomboy.TomboyTrayIcon..ctor (Tomboy.NoteManager manager) [0x00000] 
  at Tomboy.Tomboy.StartTrayIcon () [0x00000] 
  at Tomboy.Tomboy.Main (System.String[] args) [0x00000] 
root@dandelion:~# audit2allow -l -a -M seltomboy
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i seltomboy.pp

root@dandelion:~# semodule -i seltomboy.pp
libsepol.check_assertion_helper: neverallow violated by allow system_dbusd_t fixed_disk_device_t:blk_file { read };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!
root@dandelion:~#

Last edited by spoovy; 09-04-2010 at 01:12 PM.
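
Added example (not part of the original post, and not code from audit2allow or the SELinux project): `audit2allow -a` turns every denial in the audit log into an allow rule, so the generated module can contain rules unrelated to Tomboy, such as the one `semodule` rejects above. The sketch below reads the rejected rule out of the error line and comments it out of the `.te` source; the sample `.te` content and its `unconfined_t` rule are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: drop the rule that semodule rejected from a generated .te file.

# Constructed stand-in for `audit2allow -l -a -m seltomboy` output. Only the
# system_dbusd_t rule comes from the post; the unconfined_t rule is made up.
sample_te() {
cat <<'EOF'
module seltomboy 1.0;

require {
	type system_dbusd_t;
	type fixed_disk_device_t;
	type unconfined_t;
	class blk_file read;
	class dbus send_msg;
}

allow system_dbusd_t fixed_disk_device_t:blk_file { read };
allow unconfined_t system_dbusd_t:dbus send_msg;
EOF
}

# Extract the "allow ...;" rule from libsepol's neverallow message (stdin).
neverallow_rule() {
    sed -n 's/^libsepol\.check_assertion_helper: neverallow violated by \(allow .*;\)$/\1/p'
}

# Reduce a rule to "allow SOURCE TARGET:CLASS" so brace style does not matter.
rule_key() {
    awk '{ print $1, $2, $3 }'
}

# Comment out every rule in the .te on stdin that starts with key $1.
# The whole rule is dropped, even if it lists permissions beyond the rejected one.
filter_te() {
    awk -v key="$1" '
        index($0, key " ") == 1 { print "# dropped (neverallow): " $0; next }
        { print }'
}

# Demo on the error line from the post.
err='libsepol.check_assertion_helper: neverallow violated by allow system_dbusd_t fixed_disk_device_t:blk_file { read };'
sample_te | filter_te "$(printf '%s\n' "$err" | neverallow_rule | rule_key)"

# On a real system the filtered file would then be built and loaded with:
#   checkmodule -M -m -o seltomboy.mod seltomboy.te
#   semodule_package -o seltomboy.pp -m seltomboy.mod
#   semodule -i seltomboy.pp
```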
 
Old 09-06-2010, 12:01 AM   #2
craigevil
SELinux is overkill on a desktop or laptop.

Securing Debian Manual
http://www.debian.org/doc/manuals/se...-debian-howto/
 
Old 09-06-2010, 04:38 AM   #3
spoovy
err.. ok.

But SELinux is set to permissive, and the problem remains.

FYI, I am using/learning SELinux as I have ambitions to run a web server in the not-too-distant-future.
 
  

