Bug 444897 - avc denied for NetworkManager and dhclient
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Blocks: F9Blocker
Reported: 2008-05-01 12:32 EDT by Gene Czarcinski
Modified: 2008-05-03 02:43 EDT
Doc Type: Bug Fix
Last Closed: 2008-05-03 02:43:30 EDT
Description Gene Czarcinski 2008-05-01 12:32:14 EDT
Description of problem:
Installed x86_64 f9-preview fresh on real hardware.  On 4/30/2008, updated from
"rawhide" ... this caused the release to become fedora 9 (rawhide).

When NetworkManager is started and the network is brought up I get:

type=AVC msg=audit(1209658063.020:64): avc:  denied  { write } for  pid=4525
comm="dhclient" name="dhclient-eth0.pid" dev=sda6 ino=799296
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1209658063.020:64): arch=c000003e syscall=2 success=no
exit=-13 a0=7fff6bc46f24 a1=241 a2=1a4 a3=4000 items=0 ppid=1 pid=4525 auid=0
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1
comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0

The te file from audit2allow is:

module POL 1.0;

require {
	type var_run_t;
	type NetworkManager_t;
	type dhcpc_t;
	class file { read write };
}

#============= NetworkManager_t ==============
allow NetworkManager_t var_run_t:file read;

#============= dhcpc_t ==============
allow dhcpc_t var_run_t:file { read write };

Version-Release number of selected component (if applicable):
f9-preview updated to "current" rawhide (release Fedora 9 (rawhide))
selinux-policy-targeted is 3.3.1-42.fc9
NetworkManager* is 0.7.0-0.9.2.svn3614.fc9

How reproducible:
Comment 1 Daniel Walsh 2008-05-02 08:14:36 EDT
Somehow this file got the wrong context on it.

restorecon -R -v /var/run/dhclient*

Will fix.

Any idea how this might have happened?
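
A triage sketch for the diagnosis in Comment 1, added here as an example and not part of the bug report or of any Fedora tooling: it pairs AVC and SYSCALL records by audit event ID and flags denials whose target carries a catch-all type such as var_run_t, where checking the label with restorecon comes before loading an audit2allow module. The GENERIC_TYPES list and all function names are assumptions made for illustration.

```python
import re

# The two audit records from the report above, with the line wraps removed.
SAMPLE = (
    'type=AVC msg=audit(1209658063.020:64): avc:  denied  { write } for  pid=4525 '
    'comm="dhclient" name="dhclient-eth0.pid" dev=sda6 ino=799296 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file\n'
    'type=SYSCALL msg=audit(1209658063.020:64): arch=c000003e syscall=2 success=no '
    'exit=-13 a0=7fff6bc46f24 a1=241 a2=1a4 a3=4000 items=0 ppid=1 pid=4525 auid=0 '
    'uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 '
    'comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0\n'
)

# Assumption: illustrative set of catch-all file types. A confined daemon's own
# files normally carry a more specific type, so a denial against one of these
# often means the file is mislabeled rather than that policy lacks a rule.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "etc_t", "default_t", "file_t", "unlabeled_t"}

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')

def fields(body):
    """key=value pairs of one record body, with quotes stripped from values."""
    return {k: v.strip('"') for k, v in KV.findall(body)}

def ctx_type(context):
    """Type field of a user:role:type:level context, or None if malformed."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def triage(log):
    """Group records by audit event ID, then assess each AVC denial."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events.setdefault(event_id, {}).setdefault(rtype, []).append(body)
    findings = []
    for event_id, recs in events.items():
        sc = fields(recs.get('SYSCALL', [''])[0])
        for body in recs.get('AVC', []):
            avc, perms = fields(body), PERMS.search(body)
            # A pasted AVC line may lack scontext; SYSCALL subj= normally matches it.
            subject = avc.get('scontext') or sc.get('subj', '')
            ttype = ctx_type(avc.get('tcontext', ''))
            findings.append({
                'event': event_id, 'domain': ctx_type(subject), 'exe': sc.get('exe'),
                'perms': perms.group(1).split() if perms else [],
                'target': avc.get('name'), 'target_type': ttype,
                'advice': 'check label (restorecon)' if ttype in GENERIC_TYPES
                          else 'review policy'})
    return findings
```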

Comment 2 Gene Czarcinski 2008-05-02 13:05:16 EDT
1. installed f9 preview from DVD
2. worked with newer versions of NetworkManager trying to figure out what was
wrong with it -- https://bugzilla.redhat.com/show_bug.cgi?id=444502
3. updated from rawhide which "caused" update to Fedora 9 (rawhide)
4. continued testing NetworkManager

Comment 3 Bill Nottingham 2008-05-02 16:56:47 EDT
I'm not seeing this on regular installs here (and I've done quite a few)

If you manually restorecon, does it reoccur?
Comment 4 Gene Czarcinski 2008-05-03 02:42:32 EDT
Good, bad or indifferent, I cannot repeat the problem right now so I will close
this report.

I have been updating to "current" updates so maybe something got fixed or changed.

If the problem reoccurs, I will reopen.
