Bug 314111 - selinux blocks ypbind with NetworkManager
selinux blocks ypbind with NetworkManager
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-01 12:16 EDT by Orion Poplawski
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-17 13:49:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2007-10-01 12:16:01 EDT
Description of problem:

With enforcing on, ypbind fails to start.  Works with enforcing off.  Denials:

Oct  1 10:09:08 cynosure kernel: audit(1191254948.240:129): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
member=state dest=org.freedesktop.NetworkManager spid=4096 tpid=2645
scontext=system_u:system_r:ypbind_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus
Oct  1 10:09:08 cynosure kernel: audit(1191254948.255:130): user pid=2237 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_return dest=:1.27 spid=2645 tpid=4096
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:ypbind_t:s0 tclass=dbus

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-14.fc8
Comment 1 Daniel Walsh 2007-10-01 16:16:38 EDT
Fixed in selinux-policy-3.0.8-16.fc8
Comment 2 Orion Poplawski 2007-10-04 12:37:03 EDT
Verified fixed.
Comment 3 Orion Poplawski 2007-10-09 12:42:15 EDT
it's back:

Oct  9 10:35:12 cynosure kernel: audit(1191947712.677:123): user pid=2186 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_call interface=org.freedesktop.NetworkManager
member=state dest=org.freedesktop.NetworkManager spid=3960 tpid=2623
scontext=system_u:system_r:ypbind_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0 tclass=dbus
Oct  9 10:35:12 cynosure kernel: audit(1191947712.680:124): user pid=2186 uid=81
auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  {
send_msg } for msgtype=method_return dest=:1.27 spid=2623 tpid=3960
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:ypbind_t:s0 tclass=dbus

selinux-policy-3.0.8-18.fc8
Comment 4 Daniel Walsh 2007-10-09 16:44:43 EDT
Fixed again in selinux-policy-3.0.8-20.fc8
Comment 5 Orion Poplawski 2007-10-17 13:49:41 EDT
Verified again.

Note You need to log in before you can comment on or make changes to this bug.