Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 696161

Summary: Selinux alert for wpa_supplicant in CSB 6.1
Product: Red Hat Enterprise Linux 6 Reporter: Mason Sanders <msanders>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Karel Srot <ksrot>
Severity: low Docs Contact:
Priority: medium    
Version: 6.1CC: dwalsh, ksrot, mmalik, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-84.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 12:27:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 609355    

Description Mason Sanders 2011-04-13 13:07:03 UTC 
Description of problem:
I receive the following selinux alert once a day:

Summary:

Your system may be seriously compromised! /usr/sbin/wpa_supplicant tried to load
a kernel module.

Detailed Description:

SELinux has prevented wpa_supplicant from loading a kernel module. All confined
programs that need to load kernel modules should have already had policy written
for them. If a compromised application tries to modify the kernel this AVC will
be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Context                system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        wpa_supplicant
Source Path                   /usr/sbin/wpa_supplicant
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           wpa_supplicant-0.6.8-10.el6
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-80.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   sys_module
Host Name                     (removed)
Platform                      Linux msanders.csb 2.6.32-128.el6.x86_64 #1 SMP
                              Mon Mar 28 21:55:33 EDT 2011 x86_64 x86_64
Alert Count                   8
First Seen                    Fri 08 Apr 2011 08:22:58 AM EDT
Last Seen                     Wed 13 Apr 2011 08:13:41 AM EDT
Local ID                      b81a69fc-c9b9-44b7-b349-6e6d62edb17e
Line Numbers                  

Raw Audit Messages            

node=msanders.csb type=AVC msg=audit(1302696821.280:2310): avc:  denied  { sys_module } for  pid=1938 comm="wpa_supplicant" capability=16  scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tclass=capability

node=msanders.csb type=SYSCALL msg=audit(1302696821.280:2310): arch=c000003e syscall=16 success=no exit=-19 a0=8 a1=8933 a2=7fff3a00cce0 a3=56ccbfa774e5fbc items=0 ppid=1 pid=1938 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)


Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-80.el6.noarch


How reproducible:
Happens every morning when i power on the laptop or resume from suspend

Steps to Reproduce:
1.turn on laptop/resume from suspend
2.
3.
  
Actual results:
alert

Expected results:
no alert

Additional info:
Comment 4 Daniel Walsh 2011-04-13 14:46:06 UTC 
This is already dontaudited in selinux-policy-3.7.19-84.el6
Comment 13 errata-xmlrpc 2011-05-19 12:27:45 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0526.html