Red Hat Bugzilla – Bug 505597
pppd denied access to PID file when launched by networkmanager
Last modified: 2009-08-21 16:30:10 EDT
Created attachment 347578 [details]
Output of ausearch, ps auX, sesearch.
Description of problem:
Selinux in enforcing mode denies pppd access to /var/run/pppd2.tdb; in practice, when using NetworkManager to connect to mobile broadband, AVC denials pop up and am unable to connect to mobile broadband.
Version-Release number of selected component (if applicable):
selinux-policy 3.5.13-61.fc10 (noarch)
Attempt to connect to mobile broadband
Steps to Reproduce:
1. Plug in modem (I used Nokia E71 via USB) in PC Suite Mode. /dev/ttyACM0 is made available (modem).
2. Network Manager detects connection Auto Mobile Broadband (GSM) connection. Attempt to connect to this connection (with signal on phone).
3. AVC Denials should appear.
read, write, getattr, lock denied on /var/run/pppd2.tdb, networkmanager does not connect to network.
NetworkManager should connect to modem; pppd should be allowed to talk to its PID file. Can demonstrate this happening by setenforce 0.
Discussed on #fedora-selinux and was informed this was a bug. Have attached the various commands / output we disccussed as text files. It was suggested the issue was with transitions to initrc_t
Did you run the restorecon command?
# restorecon -R -v /var/run/ppp*
No. Initially the domain was of var_run_t. I've just run the command and the new domain is pppd_var_run_t. Would this correct the issue?
The question is how did the directory get created with the wrong context.
Did you run pppd directly?
I can confirm I haven't had any problems since.
I was following a guide to try to connect to the internet through my mobile which must have been fairly old; it indicated I should use wvdial.
Just tried it with the modem attached, I first ran ls -Z | grep ppp in /var/run, then as root wvdial nokia-usb (nokia-usb being a section of wvdial.conf that tells wvdial how to call the modem). Then I ran ls -Z | grep ppp again to check, the output is:
[firstname.lastname@example.org /var/run]$ ls -Z | grep pppd
drwxr-xr-x root root system_u:object_r:pppd_var_run_t:s0 ppp
-rw-r--r-- root root unconfined_u:object_r:var_run_t:s0 pppd2.tdb
Which is where the wrong context came from... fixed as above.
From my point of view I've since discovered that directly using wvdial is the wrong way to use my modem, NetworkManager does it all and the correct context is set when using NetworkManager first. So, I can set the context correctly or just boot my system and it works correctly for my needs. I don't know if there are potential uses of wvdial which might break because of this, though?
Sorry about the delay in replying, internet has been down, ISP problems.
Closing this because my problem is sorted and I don't think it's actually a bug as originally suspected... one less open bug report.