Bug 554626

Summary: SELinux is preventing consoletype (consoletype_t) "read write" pppd_t.
Product: [Fedora] Fedora Reporter: sumanth <sumanth_yn>
Component: pppAssignee: Jiri Skala <jskala>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: aglotov, jskala
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-13 08:55:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description sumanth 2010-01-12 07:12:43 UTC 
Description of problem:

Summary:

SELinux is preventing consoletype (consoletype_t) "read write" pppd_t.

Detailed Description:

SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:consoletype_t:s0
Target Context                system_u:system_r:pppd_t:s0
Target Objects                socket [ packet_socket ]
Source                        consoletype
Source Path                   /sbin/consoletype
Port                          <Unknown>
Host                          spandana
Source RPM Packages           initscripts-8.95.1-1
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-92.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     spandana
Platform                      Linux spandana 2.6.29.4-167.fc11.i586 #1 SMP Wed
                              May 27 17:14:37 EDT 2009 i686 i686
Alert Count                   10
First Seen                    Mon 11 Jan 2010 11:43:02 PM IST
Last Seen                     Tue 12 Jan 2010 12:04:39 PM IST
Local ID                      869a6aae-2f7b-4b04-a6d5-7758f1cb0a70
Line Numbers                  

Raw Audit Messages            

node=spandana type=AVC msg=audit(1263278079.71:14): avc:  denied  { read write } for  pid=2403 comm="consoletype" path="socket:[15307]" dev=sockfs ino=15307 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=packet_socket

node=spandana type=SYSCALL msg=audit(1263278079.71:14): arch=40000003 syscall=11 success=yes exit=0 a0=834d4a0 a1=834d500 a2=834d180 a3=834d500 items=0 ppid=2402 pid=2403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2010-01-12 16:54:07 UTC 
This is a leaked file descriptor on ppp.
Comment 2 Jiri Skala 2010-01-13 08:55:35 UTC 
ppp-2.4.4-12.fc11 in testing state

*** This bug has been marked as a duplicate of bug 498789 ***