Bug 1480910
Summary: | SELinux is preventing dhclient from 'map' accesses on the file /var/lib/NetworkManager/dhclient-ens3.conf. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Joachim Frieben <jfrieben> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 27 | CC: | awilliam, dominick.grift, dwalsh, lsm5, lvrabec, mgrepl, plautrba, pmoore, ssekidde |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:d8ece69370e36d241f57baa27d9c2c79b09cee36b2189f2ea48adf8ff2971ac4;VARIANT_ID=workstation; | ||
Fixed In Version: | selinux-policy-3.13.1-271.fc27 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-20 14:17:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1481454 |
Description
Joachim Frieben
2017-08-12 20:49:24 UTC
Description of problem: Happened in normal system use after the 'map' permission was added. There will likely be dupes of this with different file names, as the file is named for the network interface ('br1' in this case). Version-Release number of selected component: selinux-policy-3.13.1-270.fc27.noarch Additional info: reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.13.0-0.rc4.git4.1.fc27.x86_64 type: libreport This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'. commit 7eef67f6b89825ef29042aff8c432751153b685f (HEAD -> rawhide) Author: Stephen Smalley <sds.gov> Date: Wed May 24 15:41:22 2017 -0400 contrib: allow map permission where needed Allow map permission where needed, based on limited testing. Introduced in the kernel in commit 6941857e82ae ("selinux: add a map permission check for mmap"). Depends on "refpolicy: Define and allow map permission" to define the permission. Signed-off-by: Stephen Smalley <sds.gov> Fixes issue. Moving to post. |