438145 – Unresolved action name in SELinux messages

Bug 438145 - Unresolved action name in SELinux messages

Summary: Unresolved action name in SELinux messages

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	setroubleshoot
Sub Component:
Version:	8
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-03-19 12:42 UTC by Milos Malik
Modified:	2008-09-09 18:49 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-09-09 18:49:42 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
output of sealert (2.64 KB, text/plain) 2008-03-19 13:42 UTC, Milos Malik	no flags	Details
output of sealert in enforcing mode (2.53 KB, text/plain) 2008-03-19 13:54 UTC, Milos Malik	no flags	Details
View All

Description Milos Malik 2008-03-19 12:42:52 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12

Description of problem:
The action which was prevented by SELinux is called "unknown" in SELinux messages.

The faulty dhclient utility comes from dhclient-3.0.6-12 package.

Version-Release number of selected component (if applicable):
setroubleshoot-2.0.5-2

How reproducible:
Always


Steps to Reproduce:
Following steps will probably disconnect you from your network!!!

1. setenforce 1
2. dhclient -p 65537
3. look at the end of /var/log/messages
4. search for the latest SELinux message


Actual Results:
Following message appeared in /var/log/messages:

setroubleshoot: SELinux is preventing dhclient (dhcpc_t) "name_bind" to <Neznámé> (inetd_child_port_t). For complete SELinux messages. run sealert -l eed0b691-8a90-4068-bb23-2dda1a2a177c


Expected Results:
Following message appeared in /var/log/messages:

setroubleshoot: SELinux is preventing the dhclient (dhcpc_t) from binding to port 1. For complete SELinux messages. run sealert -l 619ad5f5-dea3-49a9-8b7f-6844a587b5b5

Additional info:

Comment 1 John Dennis 2008-03-19 13:20:08 UTC

To diagnose this I need the full alert information.

Please open the sealert browser, select the alert this message came from, from
the edit menu choose "Copy Alert" and paste the contents into this bug report.
Or, the same data can be obtained from the command line via the instructions in
the syslog message by running sealert -l <id>. Thank you.

Comment 2 Milos Malik 2008-03-19 13:42:26 UTC

Created attachment 298509 [details]
output of sealert

I'm sorry I don't know how to change the language in log messages.

The czech word "Neznámé" has the same meaning as english word "Unknown".

Comment 3 Milos Malik 2008-03-19 13:54:42 UTC

Created attachment 298512 [details]
output of sealert in enforcing mode

Previous output of sealert comes from permissive mode. Current output of
sealert comes from enforcing mode.

Comment 4 John Dennis 2008-03-19 14:49:43 UTC

Dan, we need to remove $TARGET_PATH from the catchall plugin, a socket does not
have a path, it was $TARGET_PATH which was causing the <Unknown> to show up in
the summary.

We also need plugins for name bind and name connect on a defined port.

Comment 5 Daniel Walsh 2008-03-29 15:06:55 UTC

John I added the plugins to the source pool but intltool seems to be broken on
my machine right now.

Note You need to log in before you can comment on or make changes to this bug.