Description of problem:
NetworkManager is getting blocked. Could not determine effect of block.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.12-53.fc11.noarch

How reproducible:
Each boot up.

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

    time->Mon Jun 29 20:05:22 2009
    type=SYSCALL msg=audit(1246331122.160:74): arch=c000003e syscall=2 success=no exit=-13 a0=7f6281210aea a1=0 a2=1 a3=7fff7077d850 items=0 ppid=2373 pid=4574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
    type=AVC msg=audit(1246331122.160:74): avc: denied { read } for pid=4574 comm="NetworkManager" name="null" dev=tmpfs ino=24971 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=file

More information.

    time->Mon Jun 29 20:05:22 2009
    type=SYSCALL msg=audit(1246331122.184:76): arch=c000003e syscall=2 success=no exit=-13 a0=7fbaddd4daea a1=0 a2=1 a3=7fff1db44ea0 items=0 ppid=4578 pid=4579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="nm-crash-logger" exe="/usr/libexec/nm-crash-logger" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
    type=AVC msg=audit(1246331122.184:76): avc: denied { read } for pid=4579 comm="nm-crash-logger" name="null" dev=tmpfs ino=24971 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=file

You have a file named null that is labeled as device_t? Did you somehow create /dev/null as a file?
No, we did not create a null file. The only one that should exist is:

    crw-rw-rw-. root root system_u:object_r:null_device_t:s0 /dev/null

find /dev -name null
This is strange:

    ls -Z /dev/.udev/names/null
    -rw-r--r--. root root system_u:object_r:udev_tbl_t:s0 \x2fdevices\x2fvirtual\x2fmem\x2fnull

But that was not what network manager was complaining about, since it was complaining about a file labeled device_t:

    tcontext=system_u:object_r:device_t:s0 tclass=file

Maybe it creates a file on the fly. It is very dynamic in how it operates.
Right, but NetworkManager would not be allowed to create device_t files. The AVC is about a read of a file labeled device_t. Any chance you have bind installed in a chroot?
Bind is not installed or used on that system, but we see bind-utils and bind-libs installed anyway. We did an rpm -qa --filesbypkg | grep null and found lots of names with null as part of the name, but the likely cases are:

    environment-modules /usr/share/Modules/modulefiles/null
    -rw-r--r--. root root system_u:object_r:usr_t:s0 /usr/share/Modules/modulefiles/null

    kbd /lib/kbd/consoletrans/null
    -rw-r--r--. root root system_u:object_r:lib_t:s0 /lib/kbd/consoletrans/null

Well, I am at a loss. You could search for the inode using find:

    find / -inum 24971

But I think we will just need to close this. Looks like it happened while NetworkManager was crashing.
OK, none of this seems to make sense!

    find / -inum 24971
    /usr/share/openbabel/2.2.1b3/mmffvdw.par

    rpm -qa --filesbypkg | grep mmffvdw.par
    openbabel /usr/share/openbabel/2.2.1b3/mmffvdw.par

    rpm -q --info openbabel
    Name        : openbabel                    Relocations: (not relocatable)
    Version     : 2.2.1                        Vendor: Fedora Project
    Release     : 0.1.b3.fc11                  Build Date: Sun 01 Mar 2009 10:35:49 AM PST
    Install Date: Tue 02 Jan 2007 09:59:23 AM PST   Build Host: x86-2.fedora.phx.redhat.com
    Group       : Applications/File            Source RPM: openbabel-2.2.1-0.1.b3.fc11.src.rpm
    Size        : 7347918                      License: GPLv2
    Signature   : RSA/8, Fri 13 Mar 2009 10:47:03 AM PDT, Key ID 1dc5c758d22e77f2
    Packager    : Fedora Project
    URL         : http://openbabel.org/
    Summary     : Chemistry software file format converter
    Description :
    Open Babel is a free, open-source version of the Babel chemistry file
    translation program. Open Babel is a project designed to pick up where
    Babel left off, as a cross-platform program and library designed to
    interconvert between many file formats used in molecular modeling,
    computational chemistry, and many related areas.

    Open Babel includes two components, a command-line utility and a C++
    library. The command-line utility is intended to be used as a replacement
    for the original babel program, to translate between various chemical file
    formats. The C++ library includes all of the file-translation code as well
    as a wide variety of utilities to foster development of other open source
    scientific software.

I don't know. It might have matched an inode on a different file system. I am closing for now; reopen if it happens again.
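
An inode number in an AVC record is only unique within the filesystem named by its dev= field, so a search for ino=24971 has to stay on a dev=tmpfs mount instead of walking all of /. The following is an added example, not part of the original thread: it parses the AVC record from the report and builds find commands restricted with -xdev to the matching mounts. The mounts table is a constructed sample, and the function names are hypothetical.

```python
import re

# AVC record quoted in the report above (audit event 1246331122.160:74).
AVC = ('type=AVC msg=audit(1246331122.160:74): avc: denied { read } for pid=4574 '
       'comm="NetworkManager" name="null" dev=tmpfs ino=24971 '
       'scontext=system_u:system_r:NetworkManager_t:s0 '
       'tcontext=system_u:object_r:device_t:s0 tclass=file')

# Constructed /proc/mounts sample (assumption, not taken from the reporter's system).
SAMPLE_MOUNTS = """\
/dev/mapper/vg-root / ext3 rw,relatime 0 0
udev /dev tmpfs rw,relatime,mode=755 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
/dev/sda1 /boot ext3 rw,relatime 0 0
"""

def parse_avc(line):
    """Return the key=value fields and the denied permissions of an AVC record."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    perms = re.search(r'\{ ([^}]*)\}', line)
    fields['perms'] = perms.group(1).split() if perms else []
    return fields

def candidate_mounts(dev, mounts_text):
    """Mount points whose superblock id could be the record's dev= value."""
    hits = []
    for entry in mounts_text.splitlines():
        if not entry.strip():
            continue
        source, mountpoint, fstype = entry.split()[:3]
        # Pseudo filesystems report their type name (tmpfs); block devices report
        # the kernel device name (sda1, dm-0), so a /dev/mapper alias must be
        # resolved to its dm-N name before it can match.
        if dev in (fstype, source.rsplit('/', 1)[-1]):
            hits.append(mountpoint)
    return hits

def find_commands(avc_line, mounts_text):
    """One find(1) call per candidate mount; -xdev keeps it on that filesystem."""
    rec = parse_avc(avc_line)
    return ['find %s -xdev -inum %s' % (mount, rec['ino'])
            for mount in candidate_mounts(rec['dev'], mounts_text)]

if __name__ == '__main__':
    for cmd in find_commands(AVC, SAMPLE_MOUNTS):
        print(cmd)
```

On a live system, pass the contents of /proc/mounts as the second argument in place of the constructed sample.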