Bug 428011
Summary: | new AVC messages with test update | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tim Waugh <twaugh> | ||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 8 | ||||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-03-05 22:17:17 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 235704 | ||||||
Attachments: |
|
Description
Tim Waugh
2008-01-08 17:43:46 UTC
Created attachment 291140 [details]
policy-dnssd.patch
This selinux-policy patch fixes it. Dan, I'm a little hesitant about this
patch because it allows cupsd_t to execute /sbin/ifconfig. I only want CUPS
backends to be able to determine the IP addresses of the local interfaces, and
do not want to permit any changes.
Currently there is a backend (dnssd) which is a perl script that contains:
my @localips = ();
if (open IFCONFIG, "LC_ALL=C /sbin/ifconfig |") {
while (my $line = <IFCONFIG>) {
chomp $line;
if ($line =~ /^\s*inet\s+addr:\s*(\S+)/i) {
push (@localips, $1);
}
}
close IFCONFIG;
}
Is there a way to let this script find out the local IP addresses without being
able to make any changes to the interfaces?
Oops, forgot to change component first. Dan, please see above comment. This would not allow it to change ther interface. Is this needed for RHEL5? Fixed in selinux-policy-3.0.8-75 No, it is not needed for RHEL-5, at least not presently. The 'dnssd' backend is not shipped there. Thanks. Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists. |