Bug 228938 - mii-tool denied access to wcstatus.log by SELinux
mii-tool denied access to wcstatus.log by SELinux
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-15 18:41 EST by Brian Trapp
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-16 10:01:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Brian Trapp 2007-02-15 18:41:39 EST
Description of problem:SELinux is blocking access from /sbin/mii-tool to
/var/log/wcstatus.log


Version-Release number of selected component (if applicable): 1.60


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:
SELinux denied access requested by /sbin/mii-tool. It is not expected that this
access is required by /sbin/mii-tool and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Expected results:


Additional info:

Source Context:  system_u:system_r:ifconfig_t
Target Context:  user_u:object_r:var_log_t
Target Objects:  /var/log/wcstatus.log [ file ]
Affected RPM Packages:  net-tools-1.60-73 [application]
Policy RPM:  selinux-policy-2.4.6-35.fc6
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  TrueE
nforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  baldy
Platform:  Linux baldy 2.6.19-1.2911.fc6 #1 SMP Sat Feb 10 15:16:31 EST 2007
x86_64 x86_64Alert Count:  39762Line Numbers:   Raw Audit Messages :
Comment 1 Radek Vokal 2007-02-16 04:30:32 EST
Reassigning to selinux-policy. Anyway I would strongly suggest to use ethtool
instaed of mii-tool.
Comment 2 Brian Trapp 2007-02-16 08:22:03 EST
Here are the version of selinux packages I have installed.

selinux-policy-2.4.6-35.fc6
libselinux-devel-1.33.4-2.fc6
selinux-policy-targeted-2.4.6-35.fc6
libselinux-1.33.4-2.fc6
libselinux-python-1.33.4-2.fc6
libselinux-devel-1.33.4-2.fc6

I just saw today that there is a selinux update available (-37) I'll update to
that when I get home and let you know if the error message still exists.
Comment 3 Daniel Walsh 2007-02-16 10:01:25 EST
This looks like a local customization.  Why is mii-tool writing to a log
/var/log/mcstatus.log?

If you need this you can add customized local policy.

audit2allow -M mymiipolicy < /var/log/audit/audit.log

Note You need to log in before you can comment on or make changes to this bug.