Bug 1047310
| Summary: | SELinux is preventing /usr/sbin/dhclient from using the 'execstack' accesses on a process. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:eba3dd91712bea7207f437635e709f33d4f2362a317daa31f64fe9baead8ba5f | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-02 21:34:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1045699 *** |
Description of problem: SELinux is preventing /usr/sbin/dhclient from using the 'execstack' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que dhclient devrait être autorisé à accéder execstack sur les processus étiquetés dhcpc_t par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep dhclient /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:dhcpc_t:s0 Target Context system_u:system_r:dhcpc_t:s0 Target Objects [ process ] Source dhclient Source Path /usr/sbin/dhclient Port <Unknown> Host (removed) Source RPM Packages dhclient-4.2.5-28.fc21.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-10.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.13.0-0.rc5.git0.1.fc21.x86_64 #1 SMP Mon Dec 23 14:23:13 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-12-30 11:50:38 CET Last Seen 2013-12-30 11:50:38 CET Local ID 87206e88-31a9-4428-ab05-76b1d71c8ef1 Raw Audit Messages type=AVC msg=audit(1388400638.855:57): avc: denied { execstack } for pid=1027 comm="dhclient" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=process type=AVC msg=audit(1388400638.855:57): avc: denied { execmem } for pid=1027 comm="dhclient" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=process type=SYSCALL msg=audit(1388400638.855:57): arch=x86_64 syscall=mprotect success=yes exit=0 a0=7fff721c1000 a1=1000 a2=1000007 a3=0 items=0 ppid=887 pid=1027 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=dhclient exe=/usr/sbin/dhclient subj=system_u:system_r:dhcpc_t:s0 key=(null) Hash: dhclient,dhcpc_t,dhcpc_t,process,execstack Additional info: reporter: libreport-2.1.10 hashmarkername: setroubleshoot kernel: 3.13.0-0.rc5.git0.1.fc21.x86_64 type: libreport Potential duplicate: bug 671000