466944 – Selinux prevents to activate wireless with network configuration

Bug 466944 - Selinux prevents to activate wireless with network configuration

Summary: Selinux prevents to activate wireless with network configuration

Keywords:
Status:	CLOSED DUPLICATE of bug 446632
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dhcp
Sub Component:
Version:	9
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	David Cantrell
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-10-14 17:20 UTC by maurenzig
Modified:	2008-10-16 00:29 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-10-16 00:29:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description maurenzig 2008-10-14 17:20:02 UTC

Description of problem:
SELinux is preventing consoletype (consoletype_t) "read" to /var/lib/dhclient/dhclient-wlan0.leases (dhcpc_state_t). 

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1.activate wireless with network configuration
2.
3.
  
Actual results:


Expected results:


Additional info:
Source Context:  unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023
Target Context:  unconfined_u:object_r:dhcpc_state_t:s0
Target Objects:  /var/lib/dhclient/dhclient-wlan0.leases [ file]
Source:  consoletype
Source Path:  /sbin/consoletype
Port:  <Unknown>
Host:  leased-2-223.fi.infn.it
Source RPM Packages:  initscripts-8.76.3-1
Target RPM Packages:  
Policy RPM:  selinux-policy-3.3.1-95.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  leased-2-223.fi.infn.it
Platform:  Linux leased-2-223.fi.infn.it 2.6.26.5-45.fc9.i686 #1 SMP Sat Sep 20 03:45:00 EDT 2008 i686 i686
Alert Count:  11
First Seen:  Tue 12 Aug 2008 07:36:00 PM CEST
Last Seen:  Tue 14 Oct 2008 07:01:29 PM CEST
Local ID:  8c9e6cb0-dff9-451b-8f2b-9cd023172a4f
Line Numbers:  
Raw Audit Messages :host=leased-2-223.fi.infn.it type=AVC msg=audit(1224003689.330:60): avc: denied { read } for pid=4069 comm="consoletype" path="/var/lib/dhclient/dhclient-wlan0.leases" dev=sda9 ino=38190 scontext=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file 

host=leased-2-223.fi.infn.it type=SYSCALL msg=audit(1224003689.330:60): arch=40000003 syscall=11 success=yes exit=0 a0=9c8e590 a1=9c8e028 a2=9c8e248 a3=0 items=0 ppid=4068 pid=4069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 key=(null)

Comment 1 Daniel Walsh 2008-10-15 13:05:29 UTC

dhclient is leaking an open file descrioptor and SELinux is catching it and closing it.  This will not cause you any problems and can be ignored.

dhclient should be fixed to close all open file descriptors before execing programs.

fcntl(fd, F_SETFD, FD_CLOEXEC)

Comment 2 David Cantrell 2008-10-16 00:29:23 UTC


*** This bug has been marked as a duplicate of bug 446632 ***

Note You need to log in before you can comment on or make changes to this bug.