Bug 1046738

Summary: wpa_supplicant avc denied
Product: [Fedora] Fedora
Reporter: Peter H. Jones <jones.peter.busi>
Component: wpa_supplicant
Assignee: Lubomir Rintel <lkundrak>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 22
CC: dcbw, lkundrak
Target Milestone: ---
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-03 14:03:11 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments (Description, Flags):
dmesg output, none
dmesg output, none

Description Peter H. Jones 2013-12-26 20:26:08 UTC
Created attachment 842073 [details]
dmesg output

Description of problem:
dmesg gives:
"[  400.169934] type=1400 audit(1388065312.845:13): avc:  denied  { execstack } for  pid=1179 comm="wpa_supplicant" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=process


Version-Release number of selected component (if applicable):
wpa_supplicant-2.0-8.fc21.x86_64 in 
Fedora-Live-Jam-KDE-x86_64-rawhide-20131226.iso

How reproducible:
Every time

Steps to Reproduce:
1. Boot the DVD

Actual results:
Wifi doesn't show available networks
message in dmesg output and /var/log/messages

Expected results:
Should be able to connect to wifi

Additional info:

Comment 1 Peter H. Jones 2013-12-26 20:39:30 UTC
Created attachment 842074 [details]
dmesg output

grep -n wpa_supplicant *txt
dmesg_20131226.txt:1048:[  400.169934] type=1400 audit(1388065312.845:13): avc:  denied  { execstack } for  pid=1179 comm="wpa_supplicant" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=process
messages_20131226.txt:1217:Dec 26 08:41:52 localhost dbus-daemon: dbus[945]: [system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service'
messages_20131226.txt:1219:Dec 26 08:41:52 localhost dbus[945]: [system] Activating via systemd: service name='fi.w1.wpa_supplicant1' unit='wpa_supplicant.service'
messages_20131226.txt:1224:Dec 26 08:41:52 localhost kernel: [  400.169934] type=1400 audit(1388065312.845:13): avc:  denied  { execstack } for  pid=1179 comm="wpa_supplicant" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=process
messages_20131226.txt:1225:Dec 26 08:41:52 localhost wpa_supplicant: /usr/sbin/wpa_supplicant: error while loading shared libraries: libk5crypto.so.3: cannot enable executable stack as shared object requires: Permission denied
messages_20131226.txt:1226:Dec 26 08:41:52 localhost systemd: wpa_supplicant.service: main process exited, code=exited, status=127/n/a
messages_20131226.txt:1228:Dec 26 08:41:52 localhost systemd: Unit wpa_supplicant.service entered failed state.
messages_20131226.txt:1258:Dec 26 08:42:17 localhost dbus-daemon: dbus[945]: [system] Failed to activate service 'fi.w1.wpa_supplicant1': timed out
messages_20131226.txt:1259:Dec 26 08:42:17 localhost dbus[945]: [system] Failed to activate service 'fi.w1.wpa_supplicant1': timed out
[

Comment 2 Jaroslav Reznik 2015-03-03 15:21:31 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 3 Fedora Admin XMLRPC Client 2015-10-14 14:50:04 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 4 Lubomir Rintel 2015-11-03 14:03:11 UTC
Seems fixed to me:

[lkundrak@fedora21-1 ~]$ execstack -q /lib64/libk5crypto.so.3
- /lib64/libk5crypto.so.3
[lkundrak@fedora21-1 ~]$ rpm -qf /lib64/libk5crypto.so.3
krb5-libs-1.12.2-15.fc21.x86_64
[lkundrak@fedora21-1 ~]$ 

Possibly here:

* Thu Jan 02 2014 Nalin Dahyabhai <nalin> - 1.12-8
- add patch from Dhiru Kholia for the AES-NI implementations to allow
  libk5crypto to be properly marked as not needing an executable stack
  on arches where they're used (#1045699, and so many others)