Bug 175164 - dhclient / selinux avc: denied
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 4
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-12-07 04:19 UTC by p thompson
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2006-01-02 17:31:31 UTC

Description p thompson 2005-12-07 04:19:44 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
I make use of the option in /sbin/dhclient-scripts for a /etc/dhclient-exit-hooks file, and I seem to get a lot of these while the exit hooks fail to run.
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.758:65): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.770:66): avc:  denied  { search } for  pid=1450 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.774:71): avc:  denied  { search } for  pid=1451 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.778:76): avc:  denied  { search } for  pid=1453 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:81): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:82): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.782:83): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 monotheletisia kernel: audit(1133928058.786:84): avc:  denied  { search } for  pid=1455 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.786:89): avc:  denied  { search } for  pid=1456 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:94): avc:  denied  { search } for  pid=1458 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:99): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:100): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.794:101): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.798:102): avc:  denied  { search } for  pid=1459 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 monotheletisia kernel: audit(1133928058.862:119): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:36 monotheletisia kernel: audit(1133928059.570:124): avc:  denied  { search } for  pid=1480 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:36 monotheletisia kernel: audit(1133928059.654:129): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:134): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:135): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:37 monotheletisia kernel: audit(1133928059.658:136): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:41 monotheletisia kernel: audit(1133928313.466:137): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
Dec  6 22:05:41 monotheletisia kernel: audit(1133928313.466:138): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.1-2.16

How reproducible:
Always

Steps to Reproduce:
1. operate dhclient

Additional info:

ls -Z /etc/dhclient-exit-hooks /sbin/dhclient-script /root/dhmail.pl
-rwxr-xr-x  root     root     system_u:object_r:dhcpc_exec_t   /etc/dhclient-exit-hooks
-rwxrwxr-x  root     thompson system_u:object_r:dhcpc_exec_t   /root/dhmail.pl
-rwxr-xr-x  root     root     system_u:object_r:dhcpc_exec_t   /sbin/dhclient-script
-rw-r--r--  root     root     system_u:object_r:net_conf_t     /etc/resolv.conf

I just changed the owner of dhmail.pl to root, I will see if that helps anything.

Comment 1 Daniel Walsh 2005-12-07 17:14:47 UTC
Your /usr partition is mislabeled.  Please
touch /.autorelabel
reboot
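
A triage sketch for the denials in this report, added here as an example and not part of the bug thread or of any SELinux tool: it groups AVC lines and flags targets whose type is file_t, the type carried by files that have no SELinux label, which is the condition the relabel in Comment 1 addresses. The sample lines are constructed in the report's format; the function names and verdict strings are assumptions.

```python
import re
from collections import Counter

# Constructed sample modeled on the denial format quoted in this report.
SAMPLE = """\
Dec  6 22:05:33 host kernel: audit(1133928058.758:65): avc:  denied  { search } for  pid=1446 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:33 host kernel: audit(1133928058.770:66): avc:  denied  { search } for  pid=1450 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:34 host kernel: audit(1133928058.786:89): avc:  denied  { search } for  pid=1456 comm="dhclient-script" name="usr" dev=sdg2 ino=81601 scontext=system_u:system_r:dhcpc_t tcontext=user_u:object_r:file_t tclass=dir
Dec  6 22:05:41 host kernel: audit(1133928313.466:137): avc:  denied  { write } for  pid=1966 comm="dhclient-script" name="resolv.conf" dev=sdg2 ino=539441 scontext=system_u:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
"""

# Types that mean "no usable label on disk" rather than a policy gap.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial line, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = " ".join(m.group("perms").split())
    return rec

def ctx_type(context):
    """Extract the type from user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def triage(log_text):
    """Group denials and mark those whose target carries no real label."""
    groups = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or "tcontext" not in rec:
            continue
        groups[(ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]),
                rec.get("tclass", "?"), rec["perms"],
                rec.get("name", "?"), rec.get("dev", "?"))] += 1
    findings = []
    for (src, tgt, tclass, perms, name, dev), count in groups.items():
        verdict = "unlabeled-target" if tgt in UNLABELED_TYPES else "labeled-target"
        findings.append({"source": src, "target": tgt, "class": tclass, "perms": perms,
                         "name": name, "dev": dev, "count": count, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

An unlabeled-target verdict points at relabeling the filesystem on that device, not at adding allow rules for dhcpc_t.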


