Bug 1242583
Summary: | allow dhcpc_t systemd_hostnamed_t:dbus send_msg | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jiri Popelka <jpopelka> | ||||
Component: | selinux-policy-targeted | Assignee: | Vit Mojzis <vmojzis> | ||||
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 23 | CC: | dwalsh, fdeutsch, jpopelka, mgrepl, vmojzis | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | selinux-policy-3.13.1-155.fc23 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-11-26 20:58:14 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jiri Popelka
2015-07-13 16:11:27 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23 Maybe this bug has an impact con bug 1241712 comment 4 Jiri, does it work correctly with a local policy for this AVC? After creating local policy for the AVC in comment #0 there was one more AVC: type=USER_AVC msg=audit(1444729900.815:2459): pid=928 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.465 spid=28893 tpid=28935 scontext=system_u:system_r:systemd_hostnamed_t:s0 tcontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tclass=dbus exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?' Since I added also that one to the local policy, everything seems to be working OK. I'll attach the te file created from those two AVCs via audit2allow. Created attachment 1082324 [details]
te file for local policy
This was created via
# cat audit.log | audit2allow -m dhcpchostname > dhcpchostname.te
Compiling and loading the module fixes the problem:
# checkmodule -M -m -o dhcpchostname.mod dhcpchostname.te
# semodule_package -o dhcpchostname.pp -m dhcpchostname.mod
# semodule -i dhcpchostname.pp
ping, can we move forward with this ? I believe Vit is working on a pull request with fixes. commit 7dd4cfb0b3c072d0aad298dc77a42b9844eceef6 Merge: 02f981d 754cbf0 Author: Miroslav Grepl <mgrepl> Date: Thu Nov 12 08:31:02 2015 +0100 Merge pull request #63 from vmojzis/f23-base Allow systemd-hostnamed to communicate with dhcp via dbus. commit 754cbf035b40e06a4f37d63efa61e7c28dfdac8e Author: Vit Mojzis <vmojzis> Date: Wed Nov 11 16:49:13 2015 +0100 Allow systemd-hostnamed to communicate with dhcp via dbus. #1242583 selinux-policy-3.13.1-155.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |