Bug 565324 - SELinux is preventing /usr/bin/python "setattr" access on sysctl.conf.
Summary: SELinux is preventing /usr/bin/python "setattr" access on sysctl.conf.
Keywords:
Status: CLOSED DUPLICATE of bug 565323
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:404dd7b7600...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-02-14 18:46 UTC by ctsm63
Modified: 2010-09-29 19:18 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-02-15 09:55:07 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
firewall configuration screencopy (72.77 KB, image/png)
2010-02-14 19:08 UTC, ctsm63 		no flags Details
View All

Description ctsm63 2010-02-14 18:46:50 UTC 
Résumé:

SELinux is preventing /usr/bin/python "setattr" access on sysctl.conf.

Description détaillée:

[system-config-f a un type permissif (firewallgui_t). Cet accès n'a pas été
refusé.]

SELinux denied access requested by system-config-f. It is not expected that this
access is required by system-config-f and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Autoriser l'accès:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Informations complémentaires:

Contexte source               system_u:system_r:firewallgui_t:s0-s0:c0.c1023
Contexte cible                system_u:object_r:etc_t:s0
Objets du contexte            sysctl.conf [ file ]
source                        system-config-f
Chemin de la source           /usr/bin/python
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         python-2.6.2-2.fc12
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-84.fc12
Selinux activé               True
Type de politique             targeted
Mode strict                   Enforcing
Nom du plugin                 catchall
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.31.12-174.2.3.fc12.x86_64
                              #1 SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64
Compteur d'alertes            1
Première alerte              dim. 14 févr. 2010 19:36:49 CET
Dernière alerte              dim. 14 févr. 2010 19:36:49 CET
ID local                      c13905b6-69c4-4557-946a-65f046c51484
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1266172609.351:18): avc:  denied  { setattr } for  pid=2032 comm="system-config-f" name="sysctl.conf" dev=sda7 ino=686335 scontext=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1266172609.351:18): arch=c000003e syscall=90 success=yes exit=0 a0=9b7a60 a1=180 a2=7fde3f050e40 a3=7fffcb9481e8 items=0 ppid=1 pid=2032 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-f" exe="/usr/bin/python" subj=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,system-config-f,firewallgui_t,etc_t,file,setattr
audit2allow suggests:

#============= firewallgui_t ==============
allow firewallgui_t etc_t:file setattr;
Comment 1 ctsm63 2010-02-14 19:08:56 UTC 
Created attachment 394217 [details]
firewall configuration screencopy

first reboot after adding translation of addresses between eth0 and eth1
cf. Capture-Configuration du pare-feu.png and  Bug 565323 -  SELinux is preventing /usr/bin/python "write" access on sysctl.conf.
Comment 2 Miroslav Grepl 2010-02-15 09:55:07 UTC 

*** This bug has been marked as a duplicate of bug 565323 ***
Note You need to log in before you can comment on or make changes to this bug.