Bug 473356 - SELinux is preventing nm-system-setti (NetworkManager_t) "read" to ./PolicyKit (polkit_var_run_t).
SELinux is preventing nm-system-setti (NetworkManager_t) "read" to ./PolicyKi...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-11-27 18:03 EST by morgan read
Modified: 2008-12-07 02:42 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-04 09:18:57 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
setroubleshoot output (3.03 KB, text/plain)
2008-11-27 18:03 EST, morgan read
no flags Details

  None (edit)
Description morgan read 2008-11-27 18:03:09 EST
Created attachment 324926 [details]
setroubleshoot output

Description of problem:
This one's more for completeness sake, as I see there's no bug against this summary but it is 1 of 3 recurring- the other 2 being Bug 469529 and Bug 469528.  My count for the 3:
Bug 469529 105 (last @ Fri 28 Nov 2008 10:01:47 NZDT)
Bug 469528  72 (last @ Fri 28 Nov 2008 09:42:58 NZDT)
Bug "this"  48 (last @ Fri 28 Nov 2008 09:42:58 NZDT)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 morgan read 2008-11-27 18:06:06 EST
Oh, yes:

[readlegal@morgansmachine ~]$ rpm -q selinux-policy
Comment 2 Daniel Walsh 2008-12-01 16:59:27 EST
Do you know what it is trying to read in that directory?

ls -lZ /var/run/PolicyKit
Comment 3 morgan read 2008-12-03 04:22:33 EST
Hmm, this is a little weird - I've noticed over the last couple of days this doesn't occur on the other account I use on this machine, here's the output you asked for from the account that doesn't trigger the rash of selinux alerts above:

[morgan@morgansmachine ~]$ ls -lZ /var/run/PolicyKit
[morgan@morgansmachine ~]$ 

So, nil.
Comment 4 Daniel Walsh 2008-12-04 09:18:57 EST
Just install custom policy, since we are not likely to update policy on F8 again.

You can allow this for now.

# audit2allow -M mypol -l -i /var/log/audit/audit.log
# semodule -i mypol.pp

Will fix your problem.

Problem is fixed in F9 and F10.
Comment 5 morgan read 2008-12-07 02:42:55 EST
No problem - thanks

Note You need to log in before you can comment on or make changes to this bug.