Bug 163775 - name_connect denials with kernel
Summary: name_connect denials with kernel
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel   
(Show other bugs)
Version: 3
Hardware: i686 Linux
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL: any remote url
Depends On:
TreeView+ depends on / blocked
Reported: 2005-07-20 22:16 UTC by Randy Heineke
Modified: 2015-01-04 22:21 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-27 05:33:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Randy Heineke 2005-07-20 22:16:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Remote url access result in name_connect denials for xchat and browsers. 
The kernel package adds the name_connect permission feature.  The package does not establish a dependency for a FC3 selinux_policy-targeted package that supports name connect permission. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Upgrade to FC3 kernel package.
2.With selinux-polic-target 1.21.14-1 installed.
3.Reboot to new kernel.
4.Set selinux security to targeted policy and enabled.
5.Open a browse.
6.Enter a remote URL   

Actual Results:  A denied message appears in /var/log/messages

Expected Results:  No log message and a web page should appear

Additional info:

Actual results could have been stated:
yum upgrade command executed succesfully.

Expected results could have been stated as:
A yum message complaining about the vintage of selinux-policy-targeted.

See bug 163771 

davej and dwalsh are the best.

Comment 1 Dave Jones 2005-08-26 06:12:23 UTC
This should be fixed in the errata currently in updates-testing.
Can you test please ?

Note You need to log in before you can comment on or make changes to this bug.