Bug 433239 - wicd conflitt
wicd conflitt
Product: Fedora
Classification: Fedora
Component: wicd (Show other bugs)
i686 Linux
low Severity low
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-02-17 18:07 EST by Daniele Ferrante
Modified: 2011-11-14 13:53 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-07 16:07:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
se bug file (3.18 KB, text/plain)
2008-02-17 18:07 EST, Daniele Ferrante
no flags Details

  None (edit)
Description Daniele Ferrante 2008-02-17 18:07:35 EST
    SELinux ha impedito l'accesso a /var/log/wicd.log da parte di /sbin/setfiles

Descrizione dettagliata
    SELinux is preventing /sbin/setfiles (setfiles_t) "write" to
    /var/log/wicd.log (var_log_t). The SELinux type var_log_t, is a generic type
    for all files in the directory and very few processes (SELinux Domains) are
    allowed to write to this SELinux type.  This type of denial usual indicates
    a mislabeled file.  By default a file created in a directory has the gets
    the context of the parent directory, but SELinux policy has rules about the
    creation of directories, that say if a process running in one SELinux Domain
    (D1) creates a file in a directory with a particular SELinux File Context
    (F1) the file gets a different File Context (F2).  The policy usually allows
    the SELinux Domain (D1) the ability to write, unlink, and append on (F2).
    But if for some reason a file (/var/log/wicd.log) was created with the wrong
    context, this domain will be denied.  The usual solution to this problem is
    to reset the file context on the target file, restorecon -v
    /var/log/wicd.log.  If the file context does not change from var_log_t, then
    this is probably a bug in policy.  Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy
    package. If it does change, you can try your application again to see if it
    works.  The file context could have been mislabeled by editing the file or
    moving the file from a different directory, if the file keeps getting
    mislabeled, check the init scripts to see if they are doing something to
    mislabel the file.

Abilitazione accesso in corso
    Potete cercare di correggere il contesto del file, eseguendo restorecon -v

    Il seguente comando abiliterà questo tipo d'accesso:
    restorecon /var/log/wicd.log

Informazioni aggiuntive       

Contesto della sorgente       system_u:system_r:setfiles_t:s0
Contesto target               system_u:object_r:var_log_t:s0
Oggetti target                /var/log/wicd.log [ file ]
Pacchetti RPM interessati     policycoreutils-2.0.33-3.fc8 [application]
RPM della policy              selinux-policy-3.0.8-84.fc8
Selinux abilitato             True
Tipo di policy                targeted
MLS abilitato                 True
Modalità Enforcing           Permissive
Nome plugin                   plugins.mislabeled_file
Host Name                     localhost.localdomain
Piattaforma                   Linux localhost.localdomain #1
                              SMP Sun Feb 10 17:48:34 EST 2008 i686 i686
Conteggio allerte             1
First Seen                    dom 17 feb 2008 23:44:26 CET
Last Seen                     dom 17 feb 2008 23:44:26 CET
Local ID                      f93cb4d3-c57b-4b3d-acf1-4e9b7d615fba
Numeri di linea               

Messaggi Raw Audit            

avc: denied { write } for comm=restorecon dev=dm-0 egid=0 euid=0
exe=/sbin/setfiles exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=/var/log/wicd.log
pid=22454 scontext=system_u:system_r:setfiles_t:s0 sgid=0
subj=system_u:system_r:setfiles_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:var_log_t:s0 tty=(none) uid=0
Comment 1 Daniele Ferrante 2008-02-17 18:07:35 EST
Created attachment 295117 [details]
se bug file
Comment 2 Daniel Walsh 2008-05-07 16:07:47 EDT
This looks like a leaked file descriptor.  I am not sure what is writing to
/var/log/wicd.log but it needs to CLOSEXEC the open file descriptor.

This can be ignored but wicd should be told to close their file descriptors
before exec


Note You need to log in before you can comment on or make changes to this bug.