Bug 453501

Summary: SELinux is preventing pppd (pppd_t) "write" to ./resolv.conf (pppd_etc_t).
Product: [Fedora] Fedora
Reporter: Paresh Panditrao <pareshpanditrao>
Component: selinux-policy
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: 8
CC: jkubin
Hardware: i686   
OS: Linux   
Last Closed: 2008-08-01 15:50:49 UTC

Description Paresh Panditrao 2008-07-01 02:14:10 UTC
Detailed Description:

SELinux denied access requested by pppd. It is not expected that this access is
required by pppd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Additional Information:

Source Context                system_u:system_r:pppd_t:s0
Target Context                system_u:object_r:pppd_etc_t:s0
Target Objects                ./resolv.conf [ file ]
Source                        pppd
Source Path                   /usr/sbin/pppd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           ppp-2.4.4-2
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-109.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25.6-27.fc8 #1 SMP
                              Fri Jun 13 16:38:52 EDT 2008 i686 i686
Alert Count                   36
First Seen                    Thu 08 May 2008 05:30:05 AM IST
Last Seen                     Tue 01 Jul 2008 06:46:53 AM IST
Local ID                      5ab68b64-0aa9-49b8-9780-10d2fb630c5c
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1214875013.86:86): avc:  denied  {
write } for  pid=9990 comm="pppd" name="resolv.conf" dev=sda5 ino=5076058
scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0
tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1214875013.86:86):
arch=40000003 syscall=5 success=no exit=-13 a0=b7f90806 a1=241 a2=1b6
a3=b9b96390 items=0 ppid=1702 pid=9990 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd"
exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)

Comment 1 Daniel Walsh 2008-07-02 18:20:52 UTC
Somehow /etc/resolv.conf got the wrong label on it.

restorecon -R -v /etc/resolv.conf will fix.

Any idea how this file got created?  If you fix the file context does it get
messed up again later?
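
An added example, not part of the bug report or of any SELinux tool: it pairs the AVC and SYSCALL records above by their shared audit event id and extracts what is needed to locate the denied object, going one step further by decoding the `open(2)` arguments. The function names are hypothetical, and the sample input is the report's two records re-joined to one line each.

```python
import re

# Constructed input: the AVC and SYSCALL records from the report, re-joined to
# one line each (audit.log writes one record per line; the bug page wraps them).
SAMPLE = [
    'host=localhost.localdomain type=AVC msg=audit(1214875013.86:86): avc:  denied  { write } for  pid=9990 comm="pppd" name="resolv.conf" dev=sda5 ino=5076058 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=file',
    'host=localhost.localdomain type=SYSCALL msg=audit(1214875013.86:86): arch=40000003 syscall=5 success=no exit=-13 a0=b7f90806 a1=241 a2=1b6 a3=b9b96390 items=0 ppid=1702 pid=9990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)',
]

EVENT_ID = re.compile(r'msg=audit\(([\d.]+:\d+)\)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# open(2) flag bits on Linux i386 (arch=40000003); other arches may differ.
OPEN_FLAGS = {0x1: 'O_WRONLY', 0x2: 'O_RDWR', 0x40: 'O_CREAT', 0x200: 'O_TRUNC', 0x400: 'O_APPEND'}

def correlate(lines):
    """Group records by audit event id: {event_id: {record_type: fields}}."""
    events = {}
    for line in lines:
        eid = EVENT_ID.search(line)
        if not eid:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        perms = PERMS.search(line)
        if perms:
            fields['perms'] = perms.group(1).split()
        events.setdefault(eid.group(1), {})[fields.get('type')] = fields
    return events

def summarize(event):
    """Reduce one correlated event to the facts needed to locate the denied object."""
    avc, sc = event['AVC'], event.get('SYSCALL', {})
    out = {
        'perms': avc['perms'], 'tclass': avc['tclass'],
        'source_type': avc['scontext'].split(':')[2],
        'target_type': avc['tcontext'].split(':')[2],
        # The AVC names the object only by basename, device and inode, not by path.
        'name': avc['name'], 'dev': avc['dev'], 'ino': int(avc['ino']),
        'exe': sc.get('exe'),
        'denied_eacces': sc.get('success') == 'no' and sc.get('exit') == '-13',
    }
    if sc.get('arch') == '40000003' and sc.get('syscall') == '5':  # i386 open(2)
        flags = int(sc['a1'], 16)  # audit logs syscall arguments in hex
        out['open_flags'] = [n for bit, n in sorted(OPEN_FLAGS.items()) if flags & bit]
        out['open_mode'] = oct(int(sc['a2'], 16))
    return out

if __name__ == '__main__':
    for eid, ev in correlate(SAMPLE).items():
        print(eid, summarize(ev))
```

The record identifies the file only by `name`, `dev` and `ino`, so resolving that inode to a path on the filesystem on `sda5` (for example with `find -xdev -inum`) shows which `resolv.conf` was involved before its label is checked or restored.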