Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 441866 - SELinux is preventing 05-netfs (NetworkManager_t) "getattr" to /var/lock/subsys/netfs (var_lock_t).
SELinux is preventing 05-netfs (NetworkManager_t) "getattr" to /var/lock/subs...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-04-10 12:18 EDT by Anne
Modified: 2008-04-11 12:05 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-04-11 12:05:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Anne 2008-04-10 12:18:45 EDT
Description of problem:
Multiple momentary drop-outs of cabled (static IP) network connection.

Version-Release number of selected component (if applicable):

How reproducible:

Happens at fairly frequent intervals, throughout the working session

Steps to Reproduce:
1.Work normally
Actual results:

Network is dropped, and an AVC warning comes up.  Immediately afterwards the
network re-starts.

Expected results:

Constant, steady connection.
Additional info:

Source Context:  system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context:  unconfined_u:object_r:boot_t:s0
Target Objects:  menu.lst [ lnk_file ]
Source:  kdmSource Path:  /usr/bin/kdmPort:  <Unknown>
Host:  david.lydgate.lan
Source RPM Packages:  kdebase-workspace-4.0.3-7.fc9
Target RPM Packages:  
Policy RPM:  selinux-policy-3.3.1-31.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  catchall_file
Host Name:  david.lydgate.lan
Platform:  Linux david.lydgate.lan 2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr
7 11:33:46 EDT 2008 i686 athlon
Alert Count:  1
First Seen:  Thu 10 Apr 2008 04:50:26 PM BST
Last Seen:  Thu 10 Apr 2008 04:50:26 PM BST
Local ID:  98f3a649-1ebb-45eb-9634-b65ecdfae77c
Line Numbers:  

Raw Audit Messages :host=david.lydgate.lan type=AVC
msg=audit(1207842626.502:62): avc: denied { read } for pid=2505 comm="kdm"
name="menu.lst" dev=sda1 ino=26108
tcontext=unconfined_u:object_r:boot_t:s0 tclass=lnk_file host=david.lydgate.lan
type=AVC msg=audit(1207842626.502:62): avc: denied { read } for pid=2505
comm="kdm" name="grub.conf" dev=sda1 ino=26107
tcontext=unconfined_u:object_r:boot_t:s0 tclass=file 

host=david.lydgate.lan type=SYSCALL msg=audit(1207842626.502:62): arch=40000003
syscall=5 success=yes exit=10 a0=806694b a1=8000 a2=1b6 a3=0 items=0 ppid=1
pid=2505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="kdm" exe="/usr/bin/kdm"
subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2008-04-10 15:40:29 EDT
The heading and the AVC's you attach have nothing to do with each other.

The heading should be fixed in the latest policy, you might need to restorecon
the /etc/NetworkManager directory

restorecon -R -v /etc/NetworkManager

The avc you are reporting kdm tryng to read a lnk_file boot.conf file.
Comment 2 Anne 2008-04-11 06:06:17 EDT
Apologies - focus change that I hadn't noticed.

I've followed your instructions, and so far haven't seen the problem.  If it
recurs I'll append the correct AVC info.

Note You need to log in before you can comment on or make changes to this bug.