Bug 521415 - setroubleshoot: SELinux is preventing ip-up "entrypoint" access on /etc/ppp/ip-up.
Summary: setroubleshoot: SELinux is preventing ip-up "entrypoint" access on /etc/...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:c2bd5a8cf63...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-05 15:45 UTC by seventhguardian
Modified: 2009-09-06 19:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-06 19:59:04 UTC


Attachments (Terms of Use)

Description seventhguardian 2009-09-05 15:45:51 UTC
The following was filed automatically by setroubleshoot:

Resumo:

SELinux is preventing ip-up "entrypoint" access on /etc/ppp/ip-up.

Descrição Detalhada:

[ip-up has a permissive type (initrc_t). This access was not denied.]

SELinux denied access requested by ip-up. It is not expected that this access is
required by ip-up and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

A Permitir o Acesso:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Informação Adicional:

Contexto de Origem            system_u:system_r:initrc_t:s0
Contexto de Destino           system_u:object_r:pppd_initrc_exec_t:s0
Objectos de Destino           /etc/ppp/ip-up [ file ]
Fonte                         ip-up
Caminho de Origem             /bin/bash
Porto                         <Desconhecida>
Máquina                      (removed)
Pacotes RPM Fonte             bash-4.0.28-2.fc12
Pacotes RPM Destino           initscripts-8.97-1
RPM da Política              selinux-policy-3.6.30-2.fc12
Selinux Activo                True
Tipo de Política             targeted
MLS Activo                    True
Modo de Execução Forçada   Enforcing
Nome do Plugin                catchall
Nome da Máquina              (removed)
Plataforma                    Linux (removed) 2.6.31-0.199.rc8.git2.fc12.x86_64
                              #1 SMP Wed Sep 2 20:54:49 EDT 2009 x86_64 x86_64
Contador de Alertas           2
Primeira Vez Visto            Sáb 05 Set 2009 16:30:39 WEST
Última Vez Visto             Sáb 05 Set 2009 16:43:57 WEST
ID Local                      9adc34c0-f148-4b2a-bee7-5bbf6c59c46d
Números de Linha             

Mensagens de Auditoria em Bru 

node=(removed) type=AVC msg=audit(1252165437.722:62): avc:  denied  { entrypoint } for  pid=2996 comm="pppd" path="/etc/ppp/ip-up" dev=dm-2 ino=21769 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:pppd_initrc_exec_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1252165437.722:62): arch=c000003e syscall=59 success=yes exit=0 a0=7f088c179388 a1=7fffc8cb4380 a2=7f088c828030 a3=7fffc8cb4020 items=0 ppid=2982 pid=2996 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip-up" exe="/bin/bash" subj=system_u:system_r:initrc_t:s0 key=(null)


audit2allow suggests:

#============= initrc_t ==============
allow initrc_t pppd_initrc_exec_t:file entrypoint;

Comment 1 Daniel Walsh 2009-09-06 19:59:04 UTC
Fixed in selinux-policy-3.6.30-4.fc12.noarch


Note You need to log in before you can comment on or make changes to this bug.