Bug 429603
| Summary: | selinux is preventing NetworkManager from writing to /var/pm-suspend.log | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alex Eskin <alexeskin> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-03-05 22:17:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-81.fc8 Bugs have been in modified for over one month. Closing as fixed in current release please reopen if the problem still persists. |
Description of problem: Summary SELinux is preventing /usr/sbin/NetworkManager (NetworkManager_t) "write" to /var/log/pm-suspend.log (hald_log_t). Detailed Description SELinux denied access requested by /usr/sbin/NetworkManager. It is not expected that this access is required by /usr/sbin/NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Additional Information Source Context: system_u:system_r:NetworkManager_t:s0 Target Context: system_u:object_r:hald_log_t:s0Target Objects: /var/log/pm-suspend.log [ file ]Affected RPM Packages: NetworkManager-0.7.0-0.6.6.svn3138.fc8 [application]pm-utils-0.99.4-6.fc8 [target]Policy RPM: selinux-policy-3.0.8-72.fc8 Selinux Enabled: TruePolicy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: plugins.catchall_file Host Name: bach.myhome.net Platform: Linux bach.myhome.net 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686Alert Count: 4First Seen: Fri 11 Jan 2008 06:15:26 AM CSTLast Seen: Sat 12 Jan 2008 01:02:00 PM CSTLocal ID: 9a9049cf-b054-4924-b7a6-9dff384eb9c6Line Numbers: Raw Audit Messages :avc: denied { write } for comm=NetworkManager dev=dm-0 egid=0 euid=0 exe=/usr/sbin/NetworkManager exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/var/log/pm-suspend.log pid=3118 scontext=system_u:system_r:NetworkManager_t:s0 sgid=0 subj=system_u:system_r:NetworkManager_t:s0 suid=0 tclass=file tcontext=system_u:object_r:hald_log_t:s0 tty=(none) uid=0 Version-Release number of selected component (if applicable): How reproducible: Always happens on suspend/resume Steps to Reproduce: 1. Start NetworkManager 2. Suspend to Ram 3. Resume Actual results: Expected results: Additional info: