Bug 466944

Summary: Selinux prevents to activate wireless with network configuration
Product: [Fedora] Fedora Reporter: maurenzig <zig>
Component: dhcpAssignee: David Cantrell <dcantrell>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 9CC: dcantrell, dwalsh, jkubin, mgrepl, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-15 20:29:23 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description maurenzig 2008-10-14 13:20:02 EDT
Description of problem:
SELinux is preventing consoletype (consoletype_t) "read" to /var/lib/dhclient/dhclient-wlan0.leases (dhcpc_state_t). 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.activate wireless with network configuration
Actual results:

Expected results:

Additional info:
Source Context:  unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023
Target Context:  unconfined_u:object_r:dhcpc_state_t:s0
Target Objects:  /var/lib/dhclient/dhclient-wlan0.leases [ file]
Source:  consoletype
Source Path:  /sbin/consoletype
Port:  <Unknown>
Host:  leased-2-223.fi.infn.it
Source RPM Packages:  initscripts-8.76.3-1
Target RPM Packages:  
Policy RPM:  selinux-policy-3.3.1-95.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  leased-2-223.fi.infn.it
Platform:  Linux leased-2-223.fi.infn.it #1 SMP Sat Sep 20 03:45:00 EDT 2008 i686 i686
Alert Count:  11
First Seen:  Tue 12 Aug 2008 07:36:00 PM CEST
Last Seen:  Tue 14 Oct 2008 07:01:29 PM CEST
Local ID:  8c9e6cb0-dff9-451b-8f2b-9cd023172a4f
Line Numbers:  
Raw Audit Messages :host=leased-2-223.fi.infn.it type=AVC msg=audit(1224003689.330:60): avc: denied { read } for pid=4069 comm="consoletype" path="/var/lib/dhclient/dhclient-wlan0.leases" dev=sda9 ino=38190 scontext=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file 

host=leased-2-223.fi.infn.it type=SYSCALL msg=audit(1224003689.330:60): arch=40000003 syscall=11 success=yes exit=0 a0=9c8e590 a1=9c8e028 a2=9c8e248 a3=0 items=0 ppid=4068 pid=4069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2008-10-15 09:05:29 EDT
dhclient is leaking an open file descrioptor and SELinux is catching it and closing it.  This will not cause you any problems and can be ignored.

dhclient should be fixed to close all open file descriptors before execing programs.

fcntl(fd, F_SETFD, FD_CLOEXEC)
Comment 2 David Cantrell 2008-10-15 20:29:23 EDT

*** This bug has been marked as a duplicate of bug 446632 ***