Bug 1394642 - Allow NetworkManager-ssh to perform getattr on ~/.ssh/known_hosts
Summary: Allow NetworkManager-ssh to perform getattr on ~/.ssh/known_hosts
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 24
Hardware: All
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-11-14 06:27 UTC by Dan Fruehauf
Modified: 2016-11-16 03:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-14 15:25:32 UTC
Type: Bug


Description Dan Fruehauf 2016-11-14 06:27:03 UTC
Description of problem:
NetworkManager-ssh performs stat on ~/.ssh/known_hosts and SELinux denies that.


Version-Release number of selected component (if applicable):
Current version of NetworkManager-ssh and selinux-policy


Steps to Reproduce:
1. Set up a NetworkManager-ssh VPN connection
2. Try to connect

Actual results:
VPN fails and crashes when performing stat on ~/.ssh/known_hosts


Expected results:
NetworkManager-ssh (NetworkManager actually) can perform getattr on .ssh/known_hosts for any given user


Additional info:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                unconfined_u:object_r:home_root_t:s0
Target Objects                /home/user/.ssh/known_hosts [ file ]
Source                        nm-ssh-service
Source Path                   nm-ssh-service
Port                          <Unknown>
Host                          host
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-191.18.fc24.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     host
Platform                      Linux keke 4.7.7-200.fc24.x86_64 #1 SMP Sat Oct 8
                              00:21:59 UTC 2016 x86_64 x86_64
Alert Count                   24
First Seen                    2016-11-13 21:44:18 AEDT
Last Seen                     2016-11-14 17:13:01 AEDT
Local ID                      c130b5ca-1f82-4da0-a5f4-f9c4ad9803d7

Comment 1 Lukas Vrabec 2016-11-14 15:25:32 UTC
Please fix labels on your /home partition

# restorecon -Rv /home

Comment 2 Dan Fruehauf 2016-11-16 03:50:55 UTC
Thanks! All good. I should have probably RTFM.
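
A triage sketch for the exchange above, added here as an example and not part of the original bug report or of NetworkManager-ssh: it reads the Target Context and Target Objects fields of the denial report and reports a labelling problem when a file below /home/<user>/ carries home_root_t, the type of /home itself. The function names are hypothetical, the sample is constructed from the fields quoted in the description, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample: three fields copied from the report in the description.
SAMPLE='Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                unconfined_u:object_r:home_root_t:s0
Target Objects                /home/user/.ssh/known_hosts [ file ]'

# field_of REPORT LABEL -> first value token of the "LABEL   value" line.
field_of() {
    printf '%s\n' "$1" | awk -v label="$2" '
        index($0, label) == 1 { sub(label "[ \t]+", ""); print $1; exit }'
}

# triage_denial REPORT -> "relabel PATH" or "review-policy PATH".
triage_denial() {
    tcontext=$(field_of "$1" "Target Context")
    path=$(field_of "$1" "Target Objects")
    # An SELinux context is user:role:type:level; the type is field 3.
    ttype=$(printf '%s' "$tcontext" | cut -d: -f3)
    case "$ttype:$path" in
        # home_root_t belongs on /home itself. On a file below
        # /home/<user>/ it means the tree was never relabeled, so the
        # fix is restorecon, not a new allow rule for the source domain.
        home_root_t:/home/*/*) echo "relabel $path" ;;
        *)                     echo "review-policy $path" ;;
    esac
}

# On a live SELinux host, confirm before changing anything:
#   matchpathcon -V PATH   compares the on-disk label with the policy default
#   restorecon -Rnv /home  lists what a relabel would change (-n: dry run)
confirm_on_host() {
    command -v matchpathcon >/dev/null 2>&1 || { echo "no-selinux-tools"; return 0; }
    matchpathcon -V "$1"
    restorecon -Rnv /home
}

triage_denial "$SAMPLE"
```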

