Bug 453501 - SELinux is preventing pppd (pppd_t) "write" to ./resolv.conf (pppd_etc_t).
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: i686
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-07-01 02:14 UTC by Paresh Panditrao
Modified: 2008-08-01 15:50 UTC

Doc Type: Bug Fix
Last Closed: 2008-08-01 15:50:49 UTC

Description Paresh Panditrao 2008-07-01 02:14:10 UTC
Detailed Description:

SELinux denied access requested by pppd. It is not expected that this access is
required by pppd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Additional Information:

Source Context                system_u:system_r:pppd_t:s0
Target Context                system_u:object_r:pppd_etc_t:s0
Target Objects                ./resolv.conf [ file ]
Source                        pppd
Source Path                   /usr/sbin/pppd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           ppp-2.4.4-2
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-109.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25.6-27.fc8 #1 SMP
                              Fri Jun 13 16:38:52 EDT 2008 i686 i686
Alert Count                   36
First Seen                    Thu 08 May 2008 05:30:05 AM IST
Last Seen                     Tue 01 Jul 2008 06:46:53 AM IST
Local ID                      5ab68b64-0aa9-49b8-9780-10d2fb630c5c
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1214875013.86:86): avc:  denied  { write } for  pid=9990 comm="pppd" name="resolv.conf" dev=sda5 ino=5076058 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1214875013.86:86): arch=40000003 syscall=5 success=no exit=-13 a0=b7f90806 a1=241 a2=1b6 a3=b9b96390 items=0 ppid=1702 pid=9990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)

Comment 1 Daniel Walsh 2008-07-02 18:20:52 UTC
Somehow /etc/resolv.conf got the wrong label on it.

restorecon -R -v /etc/resolv.conf will fix.

Any idea how this file got created?  If you fix the file context does it get
messed up again later?
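
Added example, not part of the original bug report or of any Fedora tooling: the SYSCALL record logged with the AVC denial says what pppd was actually doing to the file. This Python code pairs the two records by audit event id and decodes the open() arguments; the syscall and flag tables are i386 values supplied here as assumptions, matching arch=40000003.

```python
import errno
import re

# The two raw audit records from the report, with the wrapped lines rejoined.
RECORDS = [
    'host=localhost.localdomain type=AVC msg=audit(1214875013.86:86): avc:  denied  '
    '{ write } for  pid=9990 comm="pppd" name="resolv.conf" dev=sda5 ino=5076058 '
    'scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 '
    'tclass=file',
    'host=localhost.localdomain type=SYSCALL msg=audit(1214875013.86:86): '
    'arch=40000003 syscall=5 success=no exit=-13 a0=b7f90806 a1=241 a2=1b6 '
    'a3=b9b96390 items=0 ppid=1702 pid=9990 auid=4294967295 uid=0 gid=0 euid=0 '
    'suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" '
    'exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)',
]

# i386 ABI values only (arch=40000003 is AUDIT_ARCH_I386); other arches differ.
I386_SYSCALLS = {5: "open"}
ACCESS_MODES = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
OPEN_FLAGS = {0x40: "O_CREAT", 0x80: "O_EXCL", 0x200: "O_TRUNC", 0x400: "O_APPEND"}

def parse_record(line):
    """Split one audit record into key/value fields; AVC permissions go in 'perms'."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    fields["event"] = re.search(r"audit\(([^)]+)\)", line).group(1)
    perms = re.search(r"\{([^}]*)\}", line)
    fields["perms"] = perms.group(1).split() if perms else []
    return fields

def explain(records):
    """Pair the AVC and SYSCALL records of one event and decode the open() call."""
    by_type = {rec["type"]: rec for rec in map(parse_record, records)}
    avc, sc = by_type["AVC"], by_type["SYSCALL"]
    if avc["event"] != sc["event"]:
        raise ValueError("records belong to different audit events")
    flags = int(sc["a1"], 16)  # audit logs syscall arguments in hex
    names = [ACCESS_MODES.get(flags & 3, "?")]
    names += [name for bit, name in OPEN_FLAGS.items() if flags & bit]
    return {
        "syscall": I386_SYSCALLS.get(int(sc["syscall"]), "unknown"),
        "flags": "|".join(names),
        "mode": oct(int(sc["a2"], 16)),
        "errno": errno.errorcode[-int(sc["exit"])],
        "denied": avc["perms"],
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
    }

if __name__ == "__main__":
    print(explain(RECORDS))
```

For this event the decoded call is an open() with O_WRONLY|O_CREAT|O_TRUNC and mode 0666 that failed with EACCES, so the denied write is pppd_t trying to truncate and rewrite a resolv.conf labelled pppd_etc_t.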



