176069 – Network does not work for incoming info without setenforce 0 issued

Bug 176069 - Network does not work for incoming info without setenforce 0 issued

Summary: Network does not work for incoming info without setenforce 0 issued

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	5
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-12-19 00:37 UTC by Jim Cornette
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-12-22 19:17:38 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
This is from audit log (240.45 KB, text/plain) 2005-12-19 00:38 UTC, Jim Cornette	no flags	Details
after single selinux=o relabel (789.33 KB, text/plain) 2005-12-19 12:08 UTC, Jim Cornette	no flags	Details
View All

Description Jim Cornette 2005-12-19 00:37:04 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051215 Fedora/1.7.12-3

Description of problem:
After upgrading packages, rebooting, then trying to access the network, no network access was available. I had an assigned ip via dhcp and etc/resolv.conf had a valid entry. I could not even access my local system and its router.

After checking IP with ifconfig, stopping and starting network services, I checked /etc/resolv.conf.

I then decided to try setenforce 0 and I could access the network properly. I then ran setenforce 1 and tried to access my ISP mail with no response. Running setenforce 0 again allowed me to access the web and my pop account from my ISP.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:

1. Start system, try to access network via mozilla and mozilla mail.
2. check for usual settings in /etc/resolv.conf and IP via ifconfig
3. run setenforce 0 and try again
4. run setenforce 1 and try again
5. run setenforce 0 and use network
  

Actual Results:  
1. no mail or websites accessable
2. settings were normal for the network
3. was now able to access network
4. now, no mail or network access possible
5. submitting bug report on effected system


Expected Results:  I expected to b able to go to websites and check mail from my ISP

Additional info:

audit log content wil be sent as an attachment after bug submittal

Comment 1 Jim Cornette 2005-12-19 00:38:24 UTC

Created attachment 122388 [details]
This is from audit log

Comment 2 Jim Cornette 2005-12-19 12:06:21 UTC

After updating to current rawhide yesterday, I had to enter sellinux=0 single
and then perform the command fixfiles restore for my system to work properly
with network usage.
touch /.autorelabel did not happen on reboot. The feature bypassed on bootup.
Audit contains more granted than denied now.

Comment 3 Jim Cornette 2005-12-19 12:08:42 UTC

Created attachment 122397 [details]
after single selinux=o relabel

After selinux disabled, relabeling system and ordinary usage. This log for
audit exists

Comment 4 Daniel Walsh 2005-12-19 15:03:43 UTC

radeon_dri.so needs to be set text textrel_shlib_t

chcon -t textrel_shlib_t 

Please give me the path and I will put it in policy.

Also which policy do you have loaded?

Comment 5 Jim Cornette 2005-12-19 23:25:54 UTC

Much appreciated about the DRI catch for radeon.
/usr/lib/dri/radeon_dri.so

current version
selinux-policy-targeted-2.1.6-10

Comment 6 Jim Cornette 2005-12-21 23:52:32 UTC

The addition to selinux-policy-2.1.6-13 fixed the problem with DRI. 

Thanks!

No network problems either.

Note You need to log in before you can comment on or make changes to this bug.