Bug 292881 - SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to /var/run/tuncfg.lock (initrc_t).
SELinux is preventing /sbin/ifconfig (ifconfig_t) "read write" to /var/run/tu...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
7
All Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-17 05:36 EDT by Martin Jürgens
Modified: 2008-02-18 10:08 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-18 10:08:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
selinux_alert (2.10 KB, text/plain)
2007-09-17 05:36 EDT, Martin Jürgens
no flags Details

  None (edit)
Description Martin Jürgens 2007-09-17 05:36:25 EDT
Description of problem:
SELinux warning when logging in to Hamachi.


Additional info:

I have Hamachi installed. When I log in, I get that SELinux warning.
Comment 1 Martin Jürgens 2007-09-17 05:36:25 EDT
Created attachment 197211 [details]
selinux_alert
Comment 2 Radek Vokal 2008-01-14 03:32:24 EST
I've never heard about Hamachi? Is that something I can install from a Fedora repo?
Comment 3 Martin Jürgens 2008-02-18 07:32:19 EST
No, it is not.. It is a proprietary VPN application, see
https://secure.logmein.com/home.asp?lang=de
Comment 4 Daniel Walsh 2008-02-18 10:08:42 EST
This is a leaked file descriptor.

Hamachi should be closing all file descriptors on exec.

fcntl(fd, F_SETFD, FD_CLOEXEC)

This can be ignored, as SELinux is closing the file descriptor before starting
ifconfig.  You can either dontaudit it or allow it using audit2allow, to get rid
of the message.

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp


Note You need to log in before you can comment on or make changes to this bug.