Bug 187406 - Permissive SElinux blocks wifi in NetworkManager on resume
Summary: Permissive SElinux blocks wifi in NetworkManager on resume
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-03-30 19:06 UTC by simon
Modified: 2007-11-30 22:11 UTC (History)
3 users (show)

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-28 20:03:46 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
/var/log/messages chunk (42.42 KB, text/plain)
2006-03-30 20:38 UTC, simon
no flags Details

Description simon 2006-03-30 19:06:40 UTC
Description of problem:
When I suspend and resume selinux is blocking NetworkManager from making an
association.
I installed fc5 with selinux disabled and there was no problem. I have since
tried the permissive setting (which I am currently using) and have come across
this problem. Rebooting and NM works fine again. Suspend/Resume and NM cannot
associate with the wifi, although it seems to get a list of available nets.
Pluging a net cable allows wired network access.
I tried disabling selinux service protection for NM and restarting the NM
service, but this still did not allow it to start.
I then tried switching to the enforced mode and NM started working again.
I have been able to suspend and resume in enforced mode with NM working ok
My wifi uses wep128

Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.25-2.fc5
libselinux-1.30-1.fc5
libselinux-python-1.30-1.fc5
selinux-policy-2.2.25-2.fc5

NetworkManager-0.6.0-3

How reproducible:


Steps to Reproduce:
1. Set SElinux to permissive
2. Suspend machine
3. Resume machine
4. Attempt to connect to a wireless net
  
Actual results:
Wireless net access blocked

Expected results:
Associate with requested wifi net

Additional info:

Comment 1 Daniel Walsh 2006-03-30 19:49:19 UTC
I think you have a red herring here.  But please submit the AVC messages from
/var/log/messages

Comment 2 simon 2006-03-30 20:38:54 UTC
Created attachment 127073 [details]
/var/log/messages chunk

Relevant chunk of /var/log/messages from suspend/resume to eth1 failure

Comment 3 Daniel Walsh 2006-03-30 21:36:50 UTC
Any idea what process is running as mono_t?


Comment 4 Daniel Walsh 2006-03-30 21:48:29 UTC
Chris do you have any ideas?

Comment 5 simon 2006-03-31 08:00:56 UTC
mono_t is probably from beagled. POssible from banshee, but I don't think that
was running then.

Comment 7 Daniel Walsh 2006-05-09 20:15:17 UTC
Fixed in selinux-policy-2.2.38-1.FC5.

Comment 8 Daniel Walsh 2007-03-28 20:03:46 UTC
Closing bugs



Note You need to log in before you can comment on or make changes to this bug.