Created attachment 325020 [details] generated sealert message Description of problem: When trying to use the mobile connection from NM a selinux denial messages is generated. Version-Release number of selected component (if applicable): selinux-policy-3.5.13-18 selinux-policy-targeted-3.5.13-18 How reproducible: always Steps to Reproduce: 1. Select autoconfigured mobile connection in NM 2. 3. Actual results: selinux denial generated, no connection Expected results: working connection Additional info:
I'm having the same problem, and in addition, my entire console locks just at the moment the setroubleshootd throws up the alert. I was able to dig out these AVC denials from /var/log/audit/audit.log: type=AVC msg=audit(1228085098.916:45): avc: denied { getattr } for pid=2365 comm="NetworkManager" path="/ dev/ppp" dev=tmpfs ino=2272 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:ppp_de vice_t:s0 tclass=chr_file type=SYSCALL msg=audit(1228085098.916:45): arch=40000003 syscall=195 success=no exit=-13 a0=80a7595 a1=bfb16 fc4 a2=489ff4 a3=80805e0 items=0 ppid=1 pid=2365 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sg id=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:sy stem_r:NetworkManager_t:s0 key=(null)
You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.5.13-27.fc10
Verified that the new policy fixes the selinux denails