Bug 163775 - name_connect denials with kernel 2.6.12.1.1372_FC3
name_connect denials with kernel 2.6.12.1.1372_FC3
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
3
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
any remote url
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-20 18:16 EDT by Randy Heineke
Modified: 2015-01-04 17:21 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-09-27 01:33:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Randy Heineke 2005-07-20 18:16:57 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Remote url access result in name_connect denials for xchat and browsers. 
The kernel 2.6.12.1.1372_FC3 package adds the name_connect permission feature.  The package does not establish a dependency for a FC3 selinux_policy-targeted package that supports name connect permission. 

Version-Release number of selected component (if applicable):
kernel 2.6.12.1.1372_FC3

How reproducible:
Always

Steps to Reproduce:
1.Upgrade to FC3 2.6.12.1.1372_FC3 kernel package.
2.With selinux-polic-target 1.21.14-1 installed.
3.Reboot to new kernel.
4.Set selinux security to targeted policy and enabled.
5.Open a browse.
6.Enter a remote URL   

Actual Results:  A denied message appears in /var/log/messages

Expected Results:  No log message and a web page should appear

Additional info:

Actual results could have been stated:
yum upgrade command executed succesfully.

Expected results could have been stated as:
A yum message complaining about the vintage of selinux-policy-targeted.

See bug 163771 

davej and dwalsh are the best.
Comment 1 Dave Jones 2005-08-26 02:12:23 EDT
This should be fixed in the errata currently in updates-testing.
Can you test please ?

Note You need to log in before you can comment on or make changes to this bug.