Bug 239571 - pppd and selinux policy issue
Summary: pppd and selinux policy issue
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy   
(Show other bugs)
Version: 5.0
Hardware: i386 Linux
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
Keywords: SELinux
Depends On:
TreeView+ depends on / blocked
Reported: 2007-05-09 15:33 UTC by marc skinner
Modified: 2008-09-08 21:01 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-08 21:01:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description marc skinner 2007-05-09 15:33:35 UTC
Description of problem:

i have my verizon-evdo card setup and working fine.  but if i use networkmanager
to connect to the internet with it i get the following SELINUX policy violations.

SELinux is preventing /usr/sbin/pppd (pppd_t) "write" access to resolv.conf


Source Context:  system_u:system_r:pppd_tTarget
Context:  user_u:object_r:pppd_etc_tTarget Objects:  resolv.conf [ file
]Affected RPM Packages:  ppp-2.4.4-1.el5 [application]Policy
RPM:  selinux-policy-2.4.6-30.el5Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  plugins.disable_transHost
Name:  xunilPlatform:  Linux xunil 2.6.18-8.1.3.el5xen #1 SMP Mon Apr 16
16:23:32 EDT 2007 i686 i686Alert Count:  1Line Numbers:   Raw Audit Messages
:avc: denied { write } for comm="pppd" dev=sda3 egid=0 euid=0
exe="/usr/sbin/pppd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="resolv.conf"
pid=4348 scontext=system_u:system_r:pppd_t:s0 sgid=0
subj=system_u:system_r:pppd_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:pppd_etc_t:s0 tty=ttyUSB0 uid=0 
Version-Release number of selected component (if applicable):

How reproducible:

i can reproduce everytime i connect.   i can get around it by doing this:

setsebool -P pppd_disable_trans=1  or by disabling SELINUX all together :(

so, not sure if the PPPD policy needs to be updated or not - but i thought i'd
pass it on.

i also got another ppp error but deleted it and it doesn't seem to come back b/c
i did the following command:  

setsebool -P xend_disable_trans=1

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 2 Daniel Walsh 2008-08-12 14:24:22 UTC
If you run 

# restorecon -R -v /etc/ppp

Does the problem come back?

Note You need to log in before you can comment on or make changes to this bug.