Bug 489551 - Raw Audit Messages :node=sasha type=AVC msg=audit(1236703113.204:80): avc: denied { execute } for pid=29606 comm="NetworkManager" name="udevadm" dev=sda1 ino=34729 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tc
Summary: Raw Audit Messages :node=sasha type=AVC msg=audit(1236703113.204:80): avc: de...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager
Version: 10
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Dan Williams
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-10 17:06 UTC by Alexander Monin
Modified: 2009-03-16 17:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-03-16 17:32:08 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Alexander Monin 2009-03-10 17:06:39 UTC 
Description of problem:
NetworkManager doesn't start automatically if an ethernet cable is plugged in.

Summary

SELinux is preventing NetworkManager (NetworkManager_t) "execute" to ./udevadm (udev_exec_t). 
Detailed Description

SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. 


Version-Release number of selected component (if applicable):


How reproducible:
every time an ethernet cable is plugged in 


Steps to Reproduce:
1. 
2.
3.
  
Actual results:
have to choose by hands "System eth1" in order to have a connection

Expected results:


Additional info:
Source Context:  system_u:system_r:NetworkManager_t:s0Target Context:  system_u:object_r:udev_exec_t:s0Target Objects:  ./udevadm [ file ]Source:  NetworkManagerSource Path:  /usr/sbin/NetworkManagerPort:  <Unknown>Host:  "user"Source RPM Packages:  Target RPM Packages:  Policy RPM:  selinux-policy-3.5.13-46.fc10Selinux Enabled:  TruePolicy Type:  targetedMLS Enabled:  TrueEnforcing Mode:  EnforcingPlugin Name:  catchall_fileHost Name:  "user"Platform:  Linux "user" 2.6.27.19-170.2.35.fc10.i686 #1 SMP Mon Feb 23 13:21:22 EST 2009 i686 i686Alert Count:  7First Seen:  Mon 09 Mar 2009 04:06:26 PM CDTLast Seen:  Tue 10 Mar 2009 11:38:33 AM CDTLocal ID:  cfd4a1ed-05e4-44fb-9b66-34b312408a62

Raw Audit Messages :node="user" type=AVC msg=audit(1236703113.204:80): avc: denied { execute } for pid=29606 comm="NetworkManager" name="udevadm" dev=sda1 ino=34729 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:udev_exec_t:s0 tclass=file node="user" type=SYSCALL msg=audit(1236703113.204:80): arch=40000003 syscall=11 success=no exit=-13 a0=809eb60 a1=bf96befc a2=bf96d330 a3=809eb60 items=0 ppid=1961 pid=29606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe=2F7573722F7362696E2F4E6574776F726B4D616E61676572202864656C6574656429 subj=system_u:system_r:NetworkManager_t:s0 key=(null)
Comment 1 Greg Bouchonville 2009-03-12 22:12:01 UTC 
Greg Bouchonville: Fedora 10 developed a similiar problem 3/10/2009 4:37pm after accepting maintenance. I have a Summary sheet of the failure. The work around is to activate "System eth1" on the desktop panel after every boot. Fedora 10 has been running well for 2 months. This problem is confined to Fedora. No other linux system has this issue with my installs. Fedora shares a harddrive with Yubuntu.
Comment 2 Dan Williams 2009-03-16 17:32:08 UTC 
The SELinux problem is an error in NetworkManager build process, and NM shouldn't be calling udevadm in F10.  NetworkManager-0.7.0.99-1 should not have this issue.  Please re-open if for some reason it does still have the problem.

The "doesn't start on boot when cable is plugged in" is bug 489398.
Note You need to log in before you can comment on or make changes to this bug.