243778 – Doesn't allow ifdown to signal dhclient

Bug 243778 - Doesn't allow ifdown to signal dhclient

Summary: Doesn't allow ifdown to signal dhclient

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	7
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-11 20:54 UTC by Bill Nottingham
Modified:	2014-03-17 03:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:	Current
Clone Of:
Environment:
Last Closed:	2007-08-22 14:10:29 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Bill Nottingham 2007-06-11 20:54:54 UTC

Description of problem:

SELinux is preventing ifdown-eth (udev_t) "signal" to (dhcpc_t).

Detailed Description
SELinux denied access requested by ifdown-eth. It is not expected that this
access is required by ifdown-eth and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Either:
a) it needs to allow this as-is
b) udev needs to transition to the proper domain when calling ifdown

Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.6.4-13.fc7

Comment 1 Daniel Walsh 2007-06-12 15:17:20 UTC

Fixed in selinux-policy-2.6.4-15

Why does udev do this and not hal?

Comment 2 Bill Nottingham 2007-06-12 15:59:16 UTC

It's just the way it's always been done, I suppose. The 'ifup' bits seem to work
from udev.

Comment 3 Daniel Walsh 2007-08-22 14:10:29 UTC

Closing as fixes are in the current release

Note You need to log in before you can comment on or make changes to this bug.