Red Hat Bugzilla – Bug 163775
name_connect denials with kernel 188.8.131.52.1372_FC3
Last modified: 2015-01-04 17:21:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4
Description of problem:
Remote url access result in name_connect denials for xchat and browsers.
The kernel 184.108.40.206.1372_FC3 package adds the name_connect permission feature. The package does not establish a dependency for a FC3 selinux_policy-targeted package that supports name connect permission.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Upgrade to FC3 220.127.116.11.1372_FC3 kernel package.
2.With selinux-polic-target 1.21.14-1 installed.
3.Reboot to new kernel.
4.Set selinux security to targeted policy and enabled.
5.Open a browse.
6.Enter a remote URL
Actual Results: A denied message appears in /var/log/messages
Expected Results: No log message and a web page should appear
Actual results could have been stated:
yum upgrade command executed succesfully.
Expected results could have been stated as:
A yum message complaining about the vintage of selinux-policy-targeted.
See bug 163771
davej and dwalsh are the best.
This should be fixed in the errata currently in updates-testing.
Can you test please ?