Bug 243778

Summary: Doesn't allow ifdown to signal dhclient
Product: [Fedora] Fedora Reporter: Bill Nottingham <notting>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: low Docs Contact:
Priority: low    
Version: 7CC: rvokal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-22 14:10:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bill Nottingham 2007-06-11 20:54:54 UTC 
Description of problem:

SELinux is preventing ifdown-eth (udev_t) "signal" to (dhcpc_t).

Detailed Description
SELinux denied access requested by ifdown-eth. It is not expected that this
access is required by ifdown-eth and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Either:
a) it needs to allow this as-is
b) udev needs to transition to the proper domain when calling ifdown

Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.6.4-13.fc7
Comment 1 Daniel Walsh 2007-06-12 15:17:20 UTC 
Fixed in selinux-policy-2.6.4-15

Why does udev do this and not hal?
Comment 2 Bill Nottingham 2007-06-12 15:59:16 UTC 
It's just the way it's always been done, I suppose. The 'ifup' bits seem to work
from udev.
Comment 3 Daniel Walsh 2007-08-22 14:10:29 UTC 
Closing as fixes are in the current release