Bug 554626 - SELinux is preventing consoletype (consoletype_t) "read write" pppd_t.
Summary: SELinux is preventing consoletype (consoletype_t) "read write" pppd_t.
Keywords:
Status: CLOSED DUPLICATE of bug 498789
Alias: None
Product: Fedora
Classification: Fedora
Component: ppp
Version: 11
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jiri Skala
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-12 07:12 UTC by sumanth
Modified: 2014-11-09 22:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-13 08:55:35 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description sumanth 2010-01-12 07:12:43 UTC 
Description of problem:

Summary:

SELinux is preventing consoletype (consoletype_t) "read write" pppd_t.

Detailed Description:

SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:consoletype_t:s0
Target Context                system_u:system_r:pppd_t:s0
Target Objects                socket [ packet_socket ]
Source                        consoletype
Source Path                   /sbin/consoletype
Port                          <Unknown>
Host                          spandana
Source RPM Packages           initscripts-8.95.1-1
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-92.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     spandana
Platform                      Linux spandana 2.6.29.4-167.fc11.i586 #1 SMP Wed
                              May 27 17:14:37 EDT 2009 i686 i686
Alert Count                   10
First Seen                    Mon 11 Jan 2010 11:43:02 PM IST
Last Seen                     Tue 12 Jan 2010 12:04:39 PM IST
Local ID                      869a6aae-2f7b-4b04-a6d5-7758f1cb0a70
Line Numbers                  

Raw Audit Messages            

node=spandana type=AVC msg=audit(1263278079.71:14): avc:  denied  { read write } for  pid=2403 comm="consoletype" path="socket:[15307]" dev=sockfs ino=15307 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=packet_socket

node=spandana type=SYSCALL msg=audit(1263278079.71:14): arch=40000003 syscall=11 success=yes exit=0 a0=834d4a0 a1=834d500 a2=834d180 a3=834d500 items=0 ppid=2402 pid=2403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="consoletype" exe="/sbin/consoletype" subj=system_u:system_r:consoletype_t:s0 key=(null)




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Walsh 2010-01-12 16:54:07 UTC 
This is a leaked file descriptor on ppp.
Comment 2 Jiri Skala 2010-01-13 08:55:35 UTC 
ppp-2.4.4-12.fc11 in testing state

*** This bug has been marked as a duplicate of bug 498789 ***
Note You need to log in before you can comment on or make changes to this bug.