Bug 323871 - SELinux denials when configuring network on F8t3 Live CD
SELinux denials when configuring network on F8t3 Live CD
Product: Fedora
Classification: Fedora
Component: system-config-network (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Harald Hoyer
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-10-08 17:34 EDT by Miloš Komarčević
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-14 12:11:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miloš Komarčević 2007-10-08 17:34:49 EDT
Got the following SELinux denials when configuring the wireless connection
through system-config-network as "fedora" user on the F8t3 Live CD (turned off
NetworkManager as it can't configure hidden wireless connections yet):

SELinux is preventing ifconfig (ifconfig_t) "read" to pipe (unconfined_t).

SELinux is preventing ip (ifconfig_t) "write" to pipe (unconfined_t).

SELinux is preventing /sbin/consoletype (consoletype_t) "write" to pipe

SELinux is preventing consoletype (consoletype_t) "read" to pipe (unconfined_t).

SELinux is preventing dhclient-script (dhcpc_t) "write" to (etc_t).

As a result at least /etc/resolv.conf didn't get filled in by the DHCP server.
SELinux is preventing ip (ifconfig_t) "write" to pipe (unconfined_t).
Comment 1 Daniel Walsh 2007-10-08 17:45:48 EDT
This looks like the resolv.conf has the wrong context on it.  

restorecon /etc/resolv.conf 

should fix it.

System-config-network is not labeling /etc/resolv.conf correctly.  The other avc's 
should be fixed in the latest .policy
Comment 2 Harald Hoyer 2007-10-09 05:21:48 EDT
should be fixed in rawhide. thx!
Comment 3 Miloš Komarčević 2007-10-14 12:11:18 EDT
Confirmed working with rawhide-20071011-i686-Live image, thanks!

Note You need to log in before you can comment on or make changes to this bug.