Bug 630477
Summary: | SELinux is preventing /bin/bash "getattr" access on /bin/hostname. | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | Steve Tyler <stephent98>
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh>
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | medium | Priority: | low
Version: | 14 | CC: | dwalsh, mgrepl
Hardware: | x86_64 | OS: | Linux
Fixed In Version: | selinux-policy-3.9.3-1.fc14 | Doc Type: | Bug Fix
Last Closed: | 2010-09-11 03:42:28 UTC | |
Whiteboard: | setroubleshoot_trace_hash:f911b727a370a28a2158697737c32be375613652c0b463fa9680b4bdfc279928 | |

Description
Steve Tyler
2010-09-05 20:21:33 UTC
After resuming from suspend-to-ram, I get 49 SELinux alerts.

Many appear to be networking related, so it could be because:
I have removed NetworkManager from my system and am using the network init script to manage networking.

Networking resumes as expected.

setroubleshoot doesn't seem to have a way to generate a text summary listing all 49 alerts, so I will try to find another way. Maybe there is a possible enhancement ...

$ chkconfig --list | grep -i net
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

$ rpm -qa 'Net*' '*net*' 'init*' 'dhc*' | sort
dhclient-4.2.0-6.fc14.x86_64
gnome-netstatus-2.28.1-1.fc14.x86_64
initscripts-9.18-1.fc14.x86_64
libnetfilter_conntrack-0.0.101-1.fc13.x86_64
libnfnetlink-1.0.0-1.fc13.x86_64
net-tools-1.60-104.fc14.x86_64
NetworkManager-glib-0.8.1-6.git20100831.fc14.x86_64
system-config-network-1.6.1-1.fc14.noarch
system-config-network-tui-1.6.1-1.fc14.noarch
telnet-0.17-47.fc14.x86_64

Created attachment 443196
last 49 avc records from audit.log
[root@cedar audit]# grep avc audit.log | tail -49 > /tmp/audit-avc-49.1.log
Quick and dirty ... :-)
Reproduced:
1. remove all se alerts
2. relabel on reboot
3. suspend to ram
4. resume
5. unlock display

There are again 49 alerts.

NB: This was a clean install ("/" formatted) using the F14-Alpha net installer CD.

Fixed in selinux-policy-3.9.3-1.fc14

I think almost all of these can be fixed with

sysnet_domtrans_dhcpc(devicekit_power_t)

(In reply to comment #4)
> Fixed in selinux-policy-3.9.3-1.fc14
>
> I think almost all of these can be fixed with
>
> sysnet_domtrans_dhcpc(devicekit_power_t)

Thanks, Dan.

selinux-policy-3.9.3-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14

(In reply to comment #6)
> selinux-policy-3.9.3-1.fc14 has been submitted as an update for Fedora 14.
> https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14

This update eliminates all 49 alerts after suspending and resuming.

Thanks!

Update karma please.

selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14

selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
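The description above mentions that setroubleshoot had no text summary for the 49 alerts, and the records were pulled with grep instead. As an added example (not part of this bug report or of any Fedora tool), the following Python groups AVC denials from audit.log text by source type, target type and class, so a burst of alerts collapses into the few rules a policy fix has to cover. The sample records are constructed, and the target types `hostname_exec_t` and `dhcpc_exec_t` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in audit.log format (not the bug's attachment). The
# hostname_exec_t and dhcpc_exec_t target types are assumptions.
SAMPLE_LOG = '''\
type=AVC msg=audit(1283717001.101:201): avc:  denied  { getattr } for  pid=2101 comm="sh" path="/bin/hostname" dev=dm-0 ino=1001 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1283717001.101:201): arch=c000003e syscall=4 success=no exit=-13 comm="sh" exe="/bin/bash"
type=AVC msg=audit(1283717001.102:202): avc:  denied  { execute } for  pid=2101 comm="sh" name="hostname" dev=dm-0 ino=1001 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file
type=AVC msg=audit(1283717002.310:203): avc:  denied  { execute } for  pid=2107 comm="ifup-eth" name="dhclient" dev=dm-0 ino=1002 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dhcpc_exec_t:s0 tclass=file
'''

DENIAL = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def summarize_avc(text):
    """Group denials by (source type, target type, class), most frequent first."""
    groups = defaultdict(lambda: {"count": 0, "perms": set(), "comms": set()})
    for line in text.splitlines():
        denial = DENIAL.search(line)
        if not denial:
            continue  # SYSCALL, PATH and other non-AVC records
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        try:
            # A context is user:role:type:level; the type is the third field.
            key = (fields["scontext"].split(":")[2],
                   fields["tcontext"].split(":")[2],
                   fields["tclass"])
        except (KeyError, IndexError):
            continue  # truncated or malformed record
        group = groups[key]
        group["count"] += 1
        group["perms"].update(denial.group(1).split())
        group["comms"].add(fields.get("comm", "?"))
    return sorted(groups.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


def format_summary(rows):
    """Render one line per group: count, source -> target:class, perms, commands."""
    return "\n".join(
        f"{g['count']:3d}  {src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }}"
        f" comm={','.join(sorted(g['comms']))}"
        for (src, tgt, cls), g in rows)


if __name__ == "__main__":
    print(format_summary(summarize_avc(SAMPLE_LOG)))
```
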