Red Hat Bugzilla – Bug 292961
SELinux errors for NetworkManager and wpa_supplicant while trying to connect to wireless network
Last modified: 2008-01-30 14:06:09 EST
Description of problem:
I get the following SELinux errors for NetworkManager and wpa_supplicant while
trying to connect to a wireless network with WPA2.
SELinux is preventing /usr/sbin/NetworkManager (NetworkManager_t) "unlink"
to eth1 (var_run_t).
SELinux is preventing /usr/sbin/wpa_supplicant (NetworkManager_t) "write" to
Stopped them occurring with:
grep NetworkManager /var/log/audit/audit.log | audit2allow -v -M \
grep wpa_supplicant /var/log/audit/audit.log | audit2allow -v -M mywpasupplicant
semodule -i mynetworkmanager.pp
semodule -i mywpasupplicant.pp
The attempt failed (that's a different problem :-( ) and another SELinux error:
SELinux is preventing /usr/sbin/wpa_supplicant (NetworkManager_t) "rmdir" to
Fixed this with:
grep wpa_supplicant /var/log/audit/audit.log | audit2allow -v -M mywpasupplicant2
semodule -i mywpasupplicant2.pp
Do these need to be added to the standard distro or is it a problem peculiar to
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This has been fixed with the latest policy selinux-policy-2.6.4-42
You might need to relabel /var/run
restorecon -R -v /var/run
Thanks for your help.
From where do I get selinux-policy-2.6.4-42? I can find only up to selinux-
policy-2.6.4-35 in ..../updates/testing/7/i386.
After installing it and running restorecon, will I need to reverse the changes
I made with semodule, or will the update remove them?
Should be out there now. It was just released.
It will add those rules, but not remove yours
You can execute
semodule -r mynetworkmanager
semodule -r mywpasupplicant
to remove your rules.
Thanks, I've just received the update.
Bulk closing a old selinux policy bugs that were in the modified state. If the
bug is still not fixed. Please reopen.