Bug 508866
| Summary: | SELinux failure with ifconfig | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andrew John Hughes <gnu_andrew> |
| Component: | net-tools | Assignee: | Jiri Popelka <jpopelka> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | ahughes, rvokal, zprikryl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-07-01 12:20:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Can you give me more specific steps how to reproduce this issue? What was the ifconfig command you've issued? I didn't, as mentioned above I received this when invoking vpnc (to connect to the Red Hat VPN) Fixed in selinux-policy-3.6.12-57.fc11 *** This bug has been marked as a duplicate of bug 508099 *** |
Description of problem: SELinux is preventing ifconfig (ifconfig_t) "read" security_t. Detailed Description: SELinux denied access requested by ifconfig. It is not expected that this access is required by ifconfig and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. node=shelob.middle-earth.co.uk type=AVC msg=audit(1246351393.544:19): avc: denied { read } for pid=2512 comm="ifconfig" name="mls" dev=selinuxfs ino=12 scontext=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file node=shelob.middle-earth.co.uk type=SYSCALL msg=audit(1246351393.544:19): arch=c000003e syscall=2 success=no exit=-13 a0=7fff0bff9c30 a1=0 a2=7fff0bff9c3c a3=fffffff8 items=0 ppid=2496 pid=2512 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ifconfig" exe="/sbin/ifconfig" subj=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): 1.60-92.fc11 How reproducible: Running vpnc Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: