Bug 467601 - SELinux is preventing NetworkManager (NetworkManager_t) "execute" to ./pppd (pppd_exec_t).
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 9
Hardware: i386 Linux
Priority: medium Severity: high
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-10-19 02:43 EDT by Yasir M Elsharif
Modified: 2008-12-13 20:49 EST

Doc Type: Bug Fix
Last Closed: 2008-12-13 20:49:35 EST

Attachments
Selinux alert file (2.83 KB, text/plain)
2008-10-19 02:43 EDT, Yasir M Elsharif
Description Yasir M Elsharif 2008-10-19 02:43:32 EDT
Created attachment 320792
Selinux alert file

Description of problem: SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./pppd, 


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Using a Huawei E220 USB GSM modem.
2. Select the auto GSM network connection from the network manager.
3. SELinux denied the connection.
  
Actual results: no connection


Expected results: gsm 3G internet connection


Additional info: SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./pppd, 

host=localhost.localdomain type=AVC msg=audit(1224393431.968:27): avc: denied { execute } for pid=3187 comm="NetworkManager" name="pppd" dev=dm-0 ino=295378 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1224393431.968:27): arch=40000003 syscall=11 success=no exit=-13 a0=8fb1408 a1=8fa5c88 a2=bff7ba20 a3=8fb1408 items=0 ppid=2080 pid=3187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
Comment 1 Daniel Walsh 2008-10-29 13:59:46 EDT
Fixed in selinux-policy-3.3.1-103.fc9
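
An added example, not part of the original report or of any SELinux tool: a small Python parser that joins the AVC and SYSCALL records quoted in the description by their shared audit event id and reports which domain was denied which permission on which type, and in which system call. The names parse, summarize and SYSCALLS are this example's own, the records are given one per string, and the syscall table covers only the i386 call seen in this report.

```python
import errno
import re
from datetime import datetime, timezone

# Records from the report above; the SYSCALL record is shortened to the fields used here.
RECORDS = [
    'type=AVC msg=audit(1224393431.968:27): avc: denied { execute } for pid=3187 '
    'comm="NetworkManager" name="pppd" dev=dm-0 ino=295378 '
    'scontext=system_u:system_r:NetworkManager_t:s0 '
    'tcontext=system_u:object_r:pppd_exec_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1224393431.968:27): arch=40000003 syscall=11 success=no '
    'exit=-13 pid=3187 uid=0 comm="NetworkManager" exe="/usr/sbin/NetworkManager"',
]
HEADER = re.compile(r'type=(\w+) msg=audit\((\d+)\.(\d+):(\d+)\):')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Minimal (arch, syscall) lookup: arch 40000003 is i386, where call 11 is execve.
SYSCALLS = {('40000003', '11'): 'execve'}

def parse(line):
    """Return (event_id, record_type, fields) for one audit record."""
    m = HEADER.search(line)
    if not m:
        raise ValueError('not an audit record: %r' % line[:40])
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    p = PERMS.search(line)
    if p:
        fields['perms'] = p.group(1).split()
    return tuple(int(x) for x in m.groups()[1:]), m.group(1), fields

def summarize(lines):
    """Join records that share an audit event id and describe each AVC denial."""
    events = {}
    for line in lines:
        eid, rtype, fields = parse(line)
        events.setdefault(eid, []).append((rtype, fields))
    out = []
    for (sec, _msec, _serial), recs in sorted(events.items()):
        sc = next((f for t, f in recs if t == 'SYSCALL'), {})
        for avc in (f for t, f in recs if t == 'AVC'):
            src, tgt = (avc[k].split(':')[2] for k in ('scontext', 'tcontext'))
            out.append({
                'time': datetime.fromtimestamp(sec, timezone.utc).isoformat(),
                'source': src, 'target': tgt, 'tclass': avc['tclass'], 'perms': avc['perms'],
                'exe': sc.get('exe'),
                'syscall': SYSCALLS.get((sc.get('arch'), sc.get('syscall')), sc.get('syscall')),
                'errno': errno.errorcode.get(-int(sc.get('exit', 0))),
            })
    return out
```

For the records in this report, summarize(RECORDS) yields one denial: NetworkManager_t was refused execute on a pppd_exec_t file, the execve call from /usr/sbin/NetworkManager returned EACCES, and the event time is 2008-10-19 05:17:11 UTC.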
