Bug 451608 - Networkmanager tries to access non-allowed file
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 9
Hardware: All Linux
Priority: low
Severity: low
Assigned To: Dan Williams
QA Contact: Fedora Extras Quality Assurance

Reported: 2008-06-16 00:15 EDT by Torsten Ekedahl
Modified: 2008-11-02 17:12 EST
Doc Type: Bug Fix
Last Closed: 2008-11-02 17:12:40 EST

Description Torsten Ekedahl 2008-06-16 00:15:21 EDT
Description of problem:
SELinux complains at login:
SELinux is preventing nm-system-setti (NetworkManager_t) "getattr" to /dev/root
(fixed_disk_device_t). 

Version-Release number of selected component (if applicable):
0.7.0-0.9.4.svn3675.fc9

How reproducible:
I've only logged in once after the latest upgrade

Steps to Reproduce:
1. Log in
Actual results:
Complaints from setroubleshoot

Expected results:
No complaints

Additional info:
Source Context:  system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Context:  system_u:object_r:fixed_disk_device_t:s0
Target Objects:  /dev/root [ blk_file ]
Source:  nm-system-setti
Source Path:  /usr/sbin/nm-system-settings
Port:  <Unknown>
Host:  homealone.math.su.se
Source RPM Packages:  NetworkManager-0.7.0-0.9.4.svn3675.fc9
Target RPM Packages:
Policy RPM:  selinux-policy-3.3.1-64.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  homealone.math.su.se
Platform:  Linux homealone.math.su.se 2.6.25.6-55.fc9.i686 #1 SMP Tue Jun 10 16:27:49 EDT 2008 i686 i686
Alert Count:  1
First Seen:  Mon 16 Jun 2008 06:03:44 AM CEST
Last Seen:  Mon 16 Jun 2008 06:03:44 AM CEST
Local ID:  05edf400-6b7a-415b-81b7-d235fe0a4976
Line Numbers:

Raw Audit Messages:

host=homealone.math.su.se type=AVC msg=audit(1213589024.200:17): avc: denied { getattr } for pid=3693 comm="nm-system-setti" path="/dev/root" dev=tmpfs ino=335 scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

host=homealone.math.su.se type=SYSCALL msg=audit(1213589024.200:17): arch=40000003 syscall=195 success=no exit=-13 a0=76a67d a1=bfa813ec a2=7bbeff4 a3=76a67d items=0 ppid=1 pid=3693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-system-setti" exe="/usr/sbin/nm-system-settings" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)

Comment 1 Dan Williams 2008-11-02 17:12:40 EST
fixed in latest updates (svn4022 and later) with latest selinux-policy packages.