Bug 712136
Summary: | SELinux is preventing /usr/sbin/pppd from 'read' accesses on the lnk_file /var/lock. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Old Uncle <old.uncle.z> |
Component: | 0xFFFF | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 15 | CC: | dominick.grift, dwalsh, dwmw2, ejacobs, jlbouras, lech.lobocki, mgrepl, nihar_smily17 |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:6df636d5961464d43741663523eca5cd785448bde375dd676a6b0505eb47e778 | ||
Fixed In Version: | selinux-policy-3.9.16-30.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-06-24 03:54:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Old Uncle
2011-06-09 14:59:56 UTC
The fix is to run as root: restorecon -R -v /var This only seems to partially work. 1) I plugged in my modem 2) I connected 3) I got the SELinux error 4) I ran restorecon on var 5) The folder still showed the wrong context, but my modem crashed. 6) I unplugged/replugged my modem 7) Now the file has the right context. The fact that the correct context is not set when the system first boots is an issue to me. The context should be right for now on. And we are pushing through a fix to policy to make sure it is correct on all boxes. Fixed in selinux-policy-3.9.16-29.fc15.noarch selinux-policy-3.9.16-29.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-29.fc15 Package selinux-policy-3.9.16-29.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-29.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-29.fc15 then log in and leave karma (feedback). *** Bug 712361 has been marked as a duplicate of this bug. *** Package selinux-policy-3.9.16-30.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-30.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-30.fc15 then log in and leave karma (feedback). selinux-policy-3.9.16-30.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. Does not appear to fix it. After installing this policy, rebooting, and attempting to connect, I still got SELinux errors. I've attached the output of ausearch (ausearch.log) and the policy generated by audit2allow (audit2allow.output). [root@t510dora ~]# yum list installed '*selinux*' Loaded plugins: langpacks, presto, refresh-packagekit Installed Packages libselinux.i686 2.0.99-4.fc15 @anaconda-InstallationRepo-201105131946.i686 libselinux-python.i686 2.0.99-4.fc15 @anaconda-InstallationRepo-201105131946.i686 libselinux-utils.i686 2.0.99-4.fc15 @anaconda-InstallationRepo-201105131946.i686 selinux-policy.noarch 3.9.16-30.fc15 @updates selinux-policy-targeted.noarch 3.9.16-30.fc15 @updates Created attachment 509782 [details]
Output of ausearch piped into audit2allow
Created attachment 509784 [details]
The output of an ausearch done after the failed pppd connection.
These errors appear when I am trying to initiate the wireless connection with a Verizon USB modem, by the way. restorecon -R -v /run/lock Created attachment 510553 [details]
Log output of audit/messages before/after restorecon while connecting Verizon modem.
Does not work. Booting up the system and trying to attach the modem produces SELinux errors. "restorecon -R -v /run/lock" produces no output. Then trying to attach the modem produces SELinux errors again. Log of before/after restorecon is attached.
*** This bug has been marked as a duplicate of bug 717161 *** |