Bug 323871 - SELinux denials when configuring network on F8t3 Live CD
Summary: SELinux denials when configuring network on F8t3 Live CD
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-network
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-08 21:34 UTC by Miloš Komarčević
Modified: 2007-11-30 22:12 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-10-14 16:11:18 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Miloš Komarčević 2007-10-08 21:34:49 UTC 
Got the following SELinux denials when configuring the wireless connection
through system-config-network as "fedora" user on the F8t3 Live CD (turned off
NetworkManager as it can't configure hidden wireless connections yet):

SELinux is preventing ifconfig (ifconfig_t) "read" to pipe (unconfined_t).

SELinux is preventing ip (ifconfig_t) "write" to pipe (unconfined_t).

SELinux is preventing /sbin/consoletype (consoletype_t) "write" to pipe
(unconfined_t). 

SELinux is preventing consoletype (consoletype_t) "read" to pipe (unconfined_t).

SELinux is preventing dhclient-script (dhcpc_t) "write" to (etc_t).


As a result at least /etc/resolv.conf didn't get filled in by the DHCP server.
SELinux is preventing ip (ifconfig_t) "write" to pipe (unconfined_t).
Comment 1 Daniel Walsh 2007-10-08 21:45:48 UTC 
This looks like the resolv.conf has the wrong context on it.  

restorecon /etc/resolv.conf 

should fix it.

System-config-network is not labeling /etc/resolv.conf correctly.  The other avc's 
should be fixed in the latest .policy
Comment 2 Harald Hoyer 2007-10-09 09:21:48 UTC 
should be fixed in rawhide. thx!
Comment 3 Miloš Komarčević 2007-10-14 16:11:18 UTC 
Confirmed working with rawhide-20071011-i686-Live image, thanks!
Note You need to log in before you can comment on or make changes to this bug.