Bug 243509
Summary: | SELinux is preventing /sbin/dhclient (dhcpc_t) "read write" to socket:[19896] (unconfined_t).
---|---
Product: | [Fedora] Fedora
Component: | wlassistant
Version: | 7
Hardware: | All
OS: | Linux
Status: | CLOSED ERRATA
Severity: | low
Priority: | low
Reporter: | Martin Jürgens <ma>
Assignee: | Tom "spot" Callaway <tcallawa>
QA Contact: | Fedora Extras Quality Assurance <extras-qa>
CC: | dwalsh
Fixed In Version: | 0.5.7-3.fc7
Doc Type: | Bug Fix
Last Closed: | 2007-08-02 03:41:38 UTC

Description
Martin Jürgens
2007-06-09 09:58:57 UTC
Created attachment 156638: selinux log

What is wlassistant? Is this something started in the user session that the dhclient then communicates with?

Wlassistant is a tool to connect to wireless networks. It is available in the Fedora 7 archive.

This looks like a leaked file descriptor. When wlassistant opens a unix_stream_socket connection it is not setting the FD_CLOEXEC flag on the file descriptor. Then when it execs ifup, dhclient tries to look at the access available on all file descriptors handed to it, and generates these AVC messages. These messages can be safely ignored. But wlassistant should be fixed.

Dan, I'm looking at the wlassistant code, and the only place I can see it opening a socket is a few calls like this:

    int iw_socket;
    iw_socket = iw_sockets_open(); // get kernel socket

Would the appropriate fix be to add (beneath the iw_sockets_open call):

    int flags;
    flags = fcntl(iw_socket, F_GETFD);
    if (flags == -1)
        return 0;
    flags |= FD_CLOEXEC;
    if (fcntl(iw_socket, F_SETFD, flags) == -1)
        return 0;

If not, please point me to some sample code. Thanks.

Yes, that looks correct.

wlassistant-0.5.7-3.fc7 should be pushing to testing very soon now. Could the original reporter please update and see if the SELinux alerts go away?

wlassistant-0.5.7-3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.

wlassistant-0.5.7-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
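
Added example (not part of the bug report and not wlassistant's code): a small C sketch of the fix discussed above, plus a pre-exec audit that counts descriptors a child such as dhclient would still inherit. The helper names are hypothetical and a plain `socket(AF_UNIX, ...)` stands in for `iw_sockets_open()`; it goes one step beyond the thread by also showing Linux's `SOCK_CLOEXEC`, which sets the flag atomically at creation.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Mark fd close-on-exec, preserving its other descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;                      /* fd is not open */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* 1 = a child would inherit fd across exec, 0 = close-on-exec, -1 = not open. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Audit helper: count fds in [3, limit) that would leak into an exec'd child. */
int count_leaky_fds(int limit)
{
    int n = 0;
    for (int fd = 3; fd < limit; fd++)
        if (survives_exec(fd) == 1)
            n++;
    return n;
}

/* Linux: request close-on-exec atomically at creation, so no other thread
 * can fork+exec between socket() and fcntl(). */
int open_socket_cloexec(void)
{
    return socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
}

int main(void)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);   /* constructed stand-in socket */
    printf("before=%d ", survives_exec(fd));
    set_cloexec(fd);
    printf("after=%d leaky=%d\n", survives_exec(fd), count_leaky_fds(fd + 1));
    close(fd);
    return 0;
}
```

Calling `count_leaky_fds()` immediately before the `exec` of a helper script is a cheap regression check for this class of AVC noise.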