Bug 466944 - Selinux prevents to activate wireless with network configuration
Selinux prevents to activate wireless with network configuration
Status: CLOSED DUPLICATE of bug 446632
Product: Fedora
Classification: Fedora
Component: dhcp (Show other bugs)
i686 Linux
medium Severity high
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-10-14 13:20 EDT by maurenzig
Modified: 2008-10-15 20:29 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-10-15 20:29:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description maurenzig 2008-10-14 13:20:02 EDT
Description of problem:
SELinux is preventing consoletype (consoletype_t) "read" to /var/lib/dhclient/dhclient-wlan0.leases (dhcpc_state_t). 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.activate wireless with network configuration
Actual results:

Expected results:

Additional info:
Source Context:  unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023
Target Context:  unconfined_u:object_r:dhcpc_state_t:s0
Target Objects:  /var/lib/dhclient/dhclient-wlan0.leases [ file]
Source:  consoletype
Source Path:  /sbin/consoletype
Port:  <Unknown>
Host:  leased-2-223.fi.infn.it
Source RPM Packages:  initscripts-8.76.3-1
Target RPM Packages:  
Policy RPM:  selinux-policy-3.3.1-95.fc9
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall_file
Host Name:  leased-2-223.fi.infn.it
Platform:  Linux leased-2-223.fi.infn.it #1 SMP Sat Sep 20 03:45:00 EDT 2008 i686 i686
Alert Count:  11
First Seen:  Tue 12 Aug 2008 07:36:00 PM CEST
Last Seen:  Tue 14 Oct 2008 07:01:29 PM CEST
Local ID:  8c9e6cb0-dff9-451b-8f2b-9cd023172a4f
Line Numbers:  
Raw Audit Messages :host=leased-2-223.fi.infn.it type=AVC msg=audit(1224003689.330:60): avc: denied { read } for pid=4069 comm="consoletype" path="/var/lib/dhclient/dhclient-wlan0.leases" dev=sda9 ino=38190 scontext=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file 

host=leased-2-223.fi.infn.it type=SYSCALL msg=audit(1224003689.330:60): arch=40000003 syscall=11 success=yes exit=0 a0=9c8e590 a1=9c8e028 a2=9c8e248 a3=0 items=0 ppid=4068 pid=4069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0-s0:c0.c1023 key=(null)
Comment 1 Daniel Walsh 2008-10-15 09:05:29 EDT
dhclient is leaking an open file descrioptor and SELinux is catching it and closing it.  This will not cause you any problems and can be ignored.

dhclient should be fixed to close all open file descriptors before execing programs.

fcntl(fd, F_SETFD, FD_CLOEXEC)
Comment 2 David Cantrell 2008-10-15 20:29:23 EDT

*** This bug has been marked as a duplicate of bug 446632 ***

Note You need to log in before you can comment on or make changes to this bug.