This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 239571 - pppd and selinux policy issue
pppd and selinux policy issue
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-09 11:33 EDT by marc skinner
Modified: 2008-09-08 17:01 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-08 17:01:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description marc skinner 2007-05-09 11:33:35 EDT
Description of problem:

i have my verizon-evdo card setup and working fine.  but if i use networkmanager
to connect to the internet with it i get the following SELINUX policy violations.


SELinux is preventing /usr/sbin/pppd (pppd_t) "write" access to resolv.conf
(pppd_etc_t).

-----------------


Source Context:  system_u:system_r:pppd_tTarget
Context:  user_u:object_r:pppd_etc_tTarget Objects:  resolv.conf [ file
]Affected RPM Packages:  ppp-2.4.4-1.el5 [application]Policy
RPM:  selinux-policy-2.4.6-30.el5Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.disable_transHost
Name:  xunilPlatform:  Linux xunil 2.6.18-8.1.3.el5xen #1 SMP Mon Apr 16
16:23:32 EDT 2007 i686 i686Alert Count:  1Line Numbers:   Raw Audit Messages
:avc: denied { write } for comm="pppd" dev=sda3 egid=0 euid=0
exe="/usr/sbin/pppd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="resolv.conf"
pid=4348 scontext=system_u:system_r:pppd_t:s0 sgid=0
subj=system_u:system_r:pppd_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:pppd_etc_t:s0 tty=ttyUSB0 uid=0 
Version-Release number of selected component (if applicable):


How reproducible:

i can reproduce everytime i connect.   i can get around it by doing this:

setsebool -P pppd_disable_trans=1  or by disabling SELINUX all together :(

so, not sure if the PPPD policy needs to be updated or not - but i thought i'd
pass it on.

i also got another ppp error but deleted it and it doesn't seem to come back b/c
i did the following command:  

setsebool -P xend_disable_trans=1


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 2 Daniel Walsh 2008-08-12 10:24:22 EDT
If you run 

# restorecon -R -v /etc/ppp

Does the problem come back?

Note You need to log in before you can comment on or make changes to this bug.