443648 – SELinux is preventing iwconfig (ifconfig_t) "search" to ./keys (debugfs_t).

Bug 443648 - SELinux is preventing iwconfig (ifconfig_t) "search" to ./keys (debugfs_t).

Summary: SELinux is preventing iwconfig (ifconfig_t) "search" to ./keys (debugfs_t).

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-04-22 17:39 UTC by Matthew Saltzman
Modified:	2008-11-17 22:03 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-11-17 22:03:34 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Matthew Saltzman 2008-04-22 17:39:59 UTC

Description of problem:
SELinux denied access requested by iwconfig. It is not expected that this access
is required by iwconfig and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access. 

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-95.fc8, wireless-tools-29-0.2.pre22.fc8

How reproducible:
Always

Steps to Reproduce:
1. rmmod mac80211
2. rmmod iwl3945
3. modprobe iwl3945
  
Actual results:
host=valkyrie.localdomain type=AVC msg=audit(1208885288.790:1014): avc: denied {
search } for pid=3405 comm="iwconfig" name="keys" dev=debugfs ino=3538126
scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023
tcontext=system_u:object_r:debugfs_t:s0 tclass=dir 

host=valkyrie.localdomain type=AVC msg=audit(1208885288.790:1014): avc: denied {
search } for pid=3405 comm="iwconfig" name="netdev:wlan0" dev=debugfs
ino=3538162 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023
tcontext=system_u:object_r:debugfs_t:s0 tclass=dir 

host=valkyrie.localdomain type=SYSCALL msg=audit(1208885288.790:1014):
arch=c000003e syscall=16 success=yes exit=0 a0=3 a1=8b2a a2=7fff0645cc50 a3=0
items=0 ppid=3279 pid=3405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) comm="iwconfig" exe="/sbin/iwconfig"
subj=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 key=(null) 

Expected results:
No AVCs

Additional info:
Source Context:  system_u:system_r:ifconfig_t:s0-s0:c0.c1023
Target Context:  system_u:object_r:debugfs_t:s0
Target Objects:  ./keys [ dir ]Source:  iwconfig
Source Path:  /sbin/iwconfig
Port:  <Unknown>
Host:  valkyrie.localdomainSource 
RPM Packages:  wireless-tools-29-0.2.pre22.fc8
Target RPM Packages:  
Policy RPM:  selinux-policy-3.0.8-95.fc8
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  valkyrie.localdomain
Platform:  Linux valkyrie.localdomain 2.6.24.4-64.fc8 #1 SMP Sat Mar 29 09:15:49
EDT 2008 x86_64 x86_64

Occurrence count increments by two for each modprobe.

Comment 1 Daniel Walsh 2008-04-22 19:38:38 UTC

Fixed in selinux-policy-3.0.8-98.fc8

Comment 2 Daniel Walsh 2008-11-17 22:03:34 UTC

Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.