Bug 314111

Summary: selinux blocks ypbind with NetworkManager
Product: [Fedora] Fedora
Reporter: Orion Poplawski <orion>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: rawhide
Keywords: Reopened
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2007-10-17 17:49:41 UTC

Description Orion Poplawski 2007-10-01 16:16:01 UTC
Description of problem:

With enforcing on, ypbind fails to start.  Works with enforcing off.  Denials:

Oct  1 10:09:08 cynosure kernel: audit(1191254948.240:129): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
member=state dest=org.freedesktop.NetworkManager spid=4096 tpid=2645
scontext=system_u:system_r:ypbind_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus
Oct  1 10:09:08 cynosure kernel: audit(1191254948.255:130): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_return dest=:1.27 spid=2645 tpid=4096
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:ypbind_t:s0 tclass=dbus

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-14.fc8

Comment 1 Daniel Walsh 2007-10-01 20:16:38 UTC
Fixed in selinux-policy-3.0.8-16.fc8

Comment 2 Orion Poplawski 2007-10-04 16:37:03 UTC
Verified fixed.

Comment 3 Orion Poplawski 2007-10-09 16:42:15 UTC
It's back:

Oct  9 10:35:12 cynosure kernel: audit(1191947712.677:123): user pid=2186 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
member=state dest=org.freedesktop.NetworkManager spid=3960 tpid=2623
scontext=system_u:system_r:ypbind_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus
Oct  9 10:35:12 cynosure kernel: audit(1191947712.680:124): user pid=2186 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_return dest=:1.27 spid=2623 tpid=3960
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:ypbind_t:s0 tclass=dbus

selinux-policy-3.0.8-18.fc8

Comment 4 Daniel Walsh 2007-10-09 20:44:43 UTC
Fixed again in selinux-policy-3.0.8-20.fc8

Comment 5 Orion Poplawski 2007-10-17 17:49:41 UTC
Verified again.
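
The denials quoted in the description and in comment 3 can be read mechanically. The following Python is an added example, not part of the original report and not the change made in selinux-policy (which the report does not show): it re-joins the wrapped audit lines and derives the type-enforcement rules the denials correspond to, in the style of audit2allow output. The function names are this example's own.

```python
import re
from collections import defaultdict
# Sample input: the two records from the bug description, hard line wraps kept.
SAMPLE = """\
Oct  1 10:09:08 cynosure kernel: audit(1191254948.240:129): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
member=state dest=org.freedesktop.NetworkManager spid=4096 tpid=2645
scontext=system_u:system_r:ypbind_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus
Oct  1 10:09:08 cynosure kernel: audit(1191254948.255:130): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_return dest=:1.27 spid=2645 tpid=4096
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:ypbind_t:s0 tclass=dbus
"""

RECORD_START = re.compile(r"audit\(\d+\.\d+:\d+\):")
AVC = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+msgtype=(?P<msg>\w+)"
                 r".*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\w+)")

def split_records(text):
    """Re-join wrapped lines; each audit(<time>:<serial>): stamp opens a record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.search(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denials(text):
    """Return (source type, target type, class, permissions, msgtype) per AVC."""
    found = []
    for m in filter(None, map(AVC.search, split_records(text))):
        stype, ttype = (m[g].split(":")[2] for g in ("s", "t"))  # user:role:type:level
        found.append((stype, ttype, m["cls"], tuple(m["perms"].split()), m["msg"]))
    return found

def allow_rules(text):
    """Merge denials into one allow rule per (source, target, class)."""
    merged = defaultdict(set)
    for stype, ttype, cls, perms, _ in denials(text):
        merged[(stype, ttype, cls)].update(perms)
    return sorted(f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
                  for (s, t, c), p in merged.items())

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```

Two rules come out because send_msg is denied once for the method_call from ypbind_t to NetworkManager_t and once for the method_return in the opposite direction.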