Bug 589542 - SELinux policy appears to prevent NM from interacting with avahi-autoipd correctly
Status: CLOSED DUPLICATE of bug 589539
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 12
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2010-05-06 08:04 EDT by Scott Schmit
Modified: 2010-05-06 08:08 EDT (History)
Doc Type: Bug Fix
Last Closed: 2010-05-06 08:08:58 EDT
Description Scott Schmit 2010-05-06 08:04:45 EDT
Description of problem:
See Bug 587845. When run as root from the command line, NM is able to establish a link-local connection on IPv4 by using avahi-autoipd. When run as a service, it cannot. The only time that setroubleshooter yells at me is when I run NM from the command line (because it screws up the context for /etc/resolv.conf and /var/run/nm-dhclient-wlan0.conf), so I'm guessing there are some dontaudits covering up the issue.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.6.32-113.fc12.noarch
NetworkManager-0.8.0-12.git20100504.fc12.x86_64 (not sure that this is relevant)

How reproducible:
100%

Steps to Reproduce:
1. Create a connection in NetworkManager with an IPv4 method of "Link-Local"
2. Attempt to connect to that connection

Actual results:
From the logs, you can see that NM calls to avahi-autoipd and then times out.
Run from the command line, it does not time out; it works.

Expected results:
It should not time out.

Additional info:
NetworkManager executes "avahi-autoipd --script /usr/libexec/nm-avahi-autoipd.action <interface>".
$ ls -lZ /usr/libexec/nm-avahi-autoipd.action /usr/sbin/avahi-autoipd /usr/sbin/NetworkManager 
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/libexec/nm-avahi-autoipd.action
-rwxr-xr-x. root root system_u:object_r:avahi_exec_t:s0 /usr/sbin/avahi-autoipd
-rwxr-xr-x. root root system_u:object_r:NetworkManager_exec_t:s0 /usr/sbin/NetworkManager

From that, I'm guessing that avahi_t isn't being allowed to do whatever it's supposed to do to let NetworkManager_t know it succeeded.
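
Added example, not part of the original report or of Fedora's policy sources: a small Python parser that groups AVC denials involving the NetworkManager_t and avahi_t domains, which is the check that would confirm or rule out the dontaudit guess above once dontaudit rules are disabled with "semodule -DB" and the records are pulled with "ausearch -m avc". The log lines are constructed to mimic the audit.log format and are not the denials from this bug; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample records, NOT taken from the bug report: they only mimic
# the audit.log AVC format so the parser has something to run on.
SAMPLE_LOG = """\
type=AVC msg=audit(1273147485.101:301): avc:  denied  { execute } for  pid=2101 comm="avahi-autoipd" name="nm-avahi-autoipd.action" dev=dm-0 ino=1001 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1273147485.102:302): avc:  denied  { read write } for  pid=2101 comm="avahi-autoipd" path="socket:[5001]" dev=sockfs ino=5001 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1273147485.102:302): arch=c000003e syscall=46 success=no exit=-13 comm="avahi-autoipd" subj=system_u:system_r:avahi_t:s0
type=AVC msg=audit(1273147485.103:303): avc:  denied  { getattr } for  pid=2101 comm="avahi-autoipd" path="socket:[5001]" dev=sockfs ino=5001 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1273147490.200:310): avc:  denied  { getattr } for  pid=999 comm="httpd" path="/srv/x" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+.*?"
                    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text, domains=("NetworkManager_t", "avahi_t")):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other non-AVC records
        perms, scon, tcon, tclass = m.groups()
        src, tgt = se_type(scon), se_type(tcon)
        if src in domains or tgt in domains:
            grouped[(src, tgt, tclass)].update(perms.split())
    return {key: sorted(perms) for key, perms in grouped.items()}

def as_rules(summary):
    """Render denials in allow-rule syntax for review, not as a policy to load."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    for rule in as_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Running "semodule -B" afterwards rebuilds the policy with dontaudit rules enabled again.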
Comment 1 Scott Schmit 2010-05-06 08:08:58 EDT
Again, sorry for the spam!

*** This bug has been marked as a duplicate of bug 589539 ***
