Description of problem: When connecting to a unencrypted wireless network with wlassistant, I get a SELINUX altert. Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. Open wlassistant 2. Connect to unencrypted network 3. Actual results: Selinux warning pops up Expected results: Nothing should happen Additional info: See attached file
Created attachment 156638 [details] selinux log
What is wlassistant? Is this something started in the user session that the dhclient then communicates with?
Wlassistant is a tool to connection to wireless networks. It is available in the Fedora 7 archive.
This looks like a leaked file descriptor. When wlassistant opens a unix_stream_socket connection it is not setting the FD_CLOSEXEC flag on the file descriptor. Then when it execs ifup, dhclient tries to look at the access available on all file descriptors handed to it, and generates these AVC messages. These messages can be safely ignored. But wlassistant should be fixed.
Dan, I'm looking at the wlassistant code, and the only place I can see it opening a socket is a few calls like this: int iw_socket; iw_socket = iw_sockets_open();//get kernel socket Would the appropriate fix be to add (beneath the iw_sockets_open call): int flags; flags = fcntl(iw_socket, F_GETFD); if (flags == -1) return 0; flags |= FD_CLOEXEC; if (fcntl(iw_socket, F_SETFD, flags) == -1) return 0; If not, please point me to some sample code. Thanks.
Yes that looks correct.
wlassistant-0.5.7-3.fc7 should be pushing to testing very soon now. Could the original reporter please update and see if the SELinux alerts go away?
wlassistant-0.5.7-3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
wlassistant-0.5.7-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.