Bug 451720

Summary: After update, NetworkManager raises SELinux denials, does not access keyring.
Product: [Fedora] Fedora Reporter: August Schwerdfeger <august>
Component: NetworkManagerAssignee: Dan Williams <dcbw>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 9CC: dcbw, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.3.1-74.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-16 02:12:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Diagnostics from 'setroubleshootd'. none

Description August Schwerdfeger 2008-06-16 21:17:08 UTC 
Description of problem:

After an update of the NetworkManager package, when I log in, three SELinux
denials are raised on NetworkManager's account, and NetworkManager does not
attempt to access the GNOME keyring unless I explicitly select a wireless
network for which such is required.

Version-Release number of selected component (if applicable):

NetworkManager-0.7.0-0.9.4.svn3675.fc9.i386


How reproducible:

Set up a wireless network with a secret stored inside the GNOME keyring.
Password-protect the keyring. Log in with that network being the default to
which to connect.

Expected results:

Before the update, immediately upon login, a dialog would pop up requesting the
password for the keyring. This password being given, NetworkManager would
connect to the secret-protected network.

Actual results:

After the update, when I log in, three SELinux denials are raised. No keyring
password prompt occurs and NetworkManager automatically connects to a network
for which secrets are not required. If I then explicitly select the
secret-protected network, the password prompt comes up and connection proceeds
as usual.

Additional info:

I attach information about the three denials raised by SELinux. Switching
SELinux to "permissive" mode does not alter the situation.
Comment 1 August Schwerdfeger 2008-06-16 21:17:08 UTC 
Created attachment 309539 [details]
Diagnostics from 'setroubleshootd'.