Bug 152637 - /sbin/ip gets denied
Summary: /sbin/ip gets denied
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
(Show other bugs)
Version: 4
Hardware: i686 Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-03-30 22:09 UTC by Florin Andrei
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-31 01:28:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Florin Andrei 2005-03-30 22:09:16 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1

Description of problem:
Minimal FC4t1 install, all package groups de-selected, then i re-selected Development and Legacy Devel.
SELinux is in warning mode.

When booting up the system, i noticed this message:

Mar 30 14:02:17 ergo kernel: audit(1112220124.115:0): avc:  denied  { read } for  pid=1238 exe=/sbin/ip path=/init dev=rootfs ino=11 scontext=user_u:system_r:ifconfig_t tcontext=system_u:object_r:root_t tclass=file

Also, if i add "*.* /dev/tty12" in syslog.conf then switch to Alt-F12 and reboot the system, i believe i saw a similar message while the system is going down (init 6). That message does not show up in the syslog files, i don't know why. I could remember wrong, though.

If SELinux is configured in Force mode, a whole lot more messages like that are displayed, not just one.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.22.1-2

How reproducible:
Always

Steps to Reproduce:
1.see above
2.
3.
  

Additional info:
Comment 1 Daniel Walsh 2005-03-30 22:16:04 UTC 
Fixed in selinux-policy-targeted-1.23.5-1
Comment 2 Florin Andrei 2005-03-30 22:27:50 UTC 
Ok, i did a "yum update selinux-policy-targeted" and the bug is gone.
# rpm -q selinux-policy-targeted
selinux-policy-targeted-1.23.5-2

However, when doing the update, i got this message:

warning: /etc/selinux/targeted/booleans saved as
/etc/selinux/targeted/booleans.rpmsave

Is that something i should worry about?

Also, how about these messages? Are they normal?

/sbin/restorecon reset context
/bin/hostname:system_u:object_r:hostname_exec_t->system_u:object_r:bin_t
/sbin/restorecon reset context
/usr/src/redhat/BUILD/ulogd-1.22/extensions/ulogd_SYSLOG.c:root:object_r:tmp_t->system_u:object_r:src_t
/sbin/restorecon reset context
/usr/libexec/openssh/ssh-keysign:system_u:object_r:bin_t->system_u:object_r:ssh_keysign_exec_t
Comment 3 Daniel Walsh 2005-03-31 01:28:57 UTC 
No we have changed the way we handle booleans, we now use booleans.local for
local customization.  

Hostname policy was removed because it was providing no benefit and causing
problems.  ssh_keysign_exec_t is a new policy, Not sure where the ulogd problem
came from, looks like someone moved a file from /tmp.

So these are normal.
Note You need to log in before you can comment on or make changes to this bug.