Bug 438145 - Unresolved action name in SELinux messages
Summary: Unresolved action name in SELinux messages
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 8
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-03-19 12:42 UTC by Milos Malik β™ˆπŸ‘πŸ…
Modified: 2008-09-09 18:49 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-09-09 18:49:42 UTC


Attachments (Terms of Use)
output of sealert (2.64 KB, text/plain)
2008-03-19 13:42 UTC, Milos Malik β™ˆπŸ‘πŸ…
no flags Details
output of sealert in enforcing mode (2.53 KB, text/plain)
2008-03-19 13:54 UTC, Milos Malik β™ˆπŸ‘πŸ…
no flags Details

Description Milos Malik β™ˆπŸ‘πŸ… 2008-03-19 12:42:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.8.1.12) Gecko/20080208 Fedora/2.0.0.12-1.fc8 Firefox/2.0.0.12

Description of problem:
The action which was prevented by SELinux is called "unknown" in SELinux messages.

The faulty dhclient utility comes from dhclient-3.0.6-12 package.

Version-Release number of selected component (if applicable):
setroubleshoot-2.0.5-2

How reproducible:
Always


Steps to Reproduce:
Following steps will probably disconnect you from your network!!!

1. setenforce 1
2. dhclient -p 65537
3. look at the end of /var/log/messages
4. search for the latest SELinux message


Actual Results:
Following message appeared in /var/log/messages:

setroubleshoot: SELinux is preventing dhclient (dhcpc_t) "name_bind" to <NeznΓ‘mΓ©> (inetd_child_port_t). For complete SELinux messages. run sealert -l eed0b691-8a90-4068-bb23-2dda1a2a177c


Expected Results:
Following message appeared in /var/log/messages:

setroubleshoot: SELinux is preventing the dhclient (dhcpc_t) from binding to port 1. For complete SELinux messages. run sealert -l 619ad5f5-dea3-49a9-8b7f-6844a587b5b5

Additional info:

Comment 1 John Dennis 2008-03-19 13:20:08 UTC
To diagnose this I need the full alert information.

Please open the sealert browser, select the alert this message came from, from
the edit menu choose "Copy Alert" and paste the contents into this bug report.
Or, the same data can be obtained from the command line via the instructions in
the syslog message by running sealert -l <id>. Thank you.

Comment 2 Milos Malik β™ˆπŸ‘πŸ… 2008-03-19 13:42:26 UTC
Created attachment 298509 [details]
output of sealert

I'm sorry I don't know how to change the language in log messages.

The czech word "NeznΓ‘mΓ©" has the same meaning as english word "Unknown".

Comment 3 Milos Malik β™ˆπŸ‘πŸ… 2008-03-19 13:54:42 UTC
Created attachment 298512 [details]
output of sealert in enforcing mode

Previous output of sealert comes from permissive mode. Current output of
sealert comes from enforcing mode.

Comment 4 John Dennis 2008-03-19 14:49:43 UTC
Dan, we need to remove $TARGET_PATH from the catchall plugin, a socket does not
have a path, it was $TARGET_PATH which was causing the <Unknown> to show up in
the summary.

We also need plugins for name bind and name connect on a defined port.

Comment 5 Daniel Walsh 2008-03-29 15:06:55 UTC
John I added the plugins to the source pool but intltool seems to be broken on
my machine right now.




Note You need to log in before you can comment on or make changes to this bug.