Bug 429603 - selinux is preventing NetworkManager from writing to /var/pm-suspend.log
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 8
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2008-01-21 21:40 UTC by Alex Eskin
Modified: 2008-03-05 22:17 UTC (History)

Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-03-05 22:17:07 UTC

Description Alex Eskin 2008-01-21 21:40:50 UTC
Description of problem:

Summary 

SELinux is preventing /usr/sbin/NetworkManager (NetworkManager_t) "write" to
/var/log/pm-suspend.log (hald_log_t).

Detailed Description

SELinux denied access requested by /usr/sbin/NetworkManager. It is not expected
that this access is required by /usr/sbin/NetworkManager and this access may
signal an intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Additional Information

Source Context:  system_u:system_r:NetworkManager_t:s0
Target Context:  system_u:object_r:hald_log_t:s0
Target Objects:  /var/log/pm-suspend.log [ file ]
Affected RPM Packages:  NetworkManager-0.7.0-0.6.6.svn3138.fc8 [application]
                        pm-utils-0.99.4-6.fc8 [target]
Policy RPM:  selinux-policy-3.0.8-72.fc8
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  bach.myhome.net
Platform:  Linux bach.myhome.net 2.6.23.9-85.fc8 #1 SMP Fri Dec 7 15:49:59 EST 2007 i686 i686
Alert Count:  4
First Seen:  Fri 11 Jan 2008 06:15:26 AM CST
Last Seen:  Sat 12 Jan 2008 01:02:00 PM CST
Local ID:  9a9049cf-b054-4924-b7a6-9dff384eb9c6
Line Numbers:

Raw Audit Messages:

avc: denied { write } for comm=NetworkManager dev=dm-0
egid=0 euid=0 exe=/usr/sbin/NetworkManager exit=0 fsgid=0 fsuid=0 gid=0 items=0
path=/var/log/pm-suspend.log pid=3118
scontext=system_u:system_r:NetworkManager_t:s0 sgid=0
subj=system_u:system_r:NetworkManager_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:hald_log_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):


How reproducible:

Always happens on suspend/resume

Steps to Reproduce:
1. Start NetworkManager
2. Suspend to Ram
3. Resume
  
Actual results:


Expected results:


Additional info:

Comment 1 Daniel Walsh 2008-01-22 14:25:33 UTC
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-81.fc8
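
Because audit2allow -i turns every denial found in the input file into a rule, it is worth checking which allow rules a log implies before loading a module built from it. The following is an added example, not part of the original comment and not audit2allow's own code: a minimal parser for the AVC record format quoted in this report. The second sample record (example_t, exampled, /etc/example.conf) is constructed to show what scoping to NetworkManager_t leaves out.

```python
import re
from collections import defaultdict

# Constructed sample input. The first record is the denial quoted in this
# report (shortened and joined onto one line); the second is an invented,
# unrelated denial of the kind that also accumulates in audit.log.
SAMPLE_LOG = """\
avc: denied { write } for comm=NetworkManager dev=dm-0 path=/var/log/pm-suspend.log pid=3118 scontext=system_u:system_r:NetworkManager_t:s0 tclass=file tcontext=system_u:object_r:hald_log_t:s0
avc: denied { read append } for comm="exampled" path=/etc/example.conf pid=4242 scontext=system_u:system_r:example_t:s0 tclass=file tcontext=system_u:object_r:etc_t:s0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        return {
            "perms": m.group(1).split(),
            "comm": fields.get("comm", "").strip('"'),
            # An SELinux context is user:role:type:level; the type is field 3.
            "stype": fields["scontext"].split(":")[2],
            "ttype": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def allow_rules(log_text, source_type=None):
    """Build the allow rules the denials imply, optionally for one domain only."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and source_type in (None, rec["stype"]):
            merged[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    rules = []
    for (s, t, c), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {s} {t}:{c} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))                      # whole log
    print("\n".join(allow_rules(SAMPLE_LOG, "NetworkManager_t")))  # this bug only
```

Any rule in the unfiltered output that is not about NetworkManager_t would also be granted by a module generated from the whole log.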

Comment 2 Daniel Walsh 2008-03-05 22:17:07 UTC
Bugs have been in modified for over one month. Closing as fixed in current
release; please reopen if the problem still persists.

