Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 625993 - SELinux is preventing /bin/bash from executing autoconnect.py.
SELinux is preventing /bin/bash from executing autoconnect.py.
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
12
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:89d8fd1fae0...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-21 06:30 EDT by Zdenek Sedlak
Modified: 2010-12-14 13:57 EST (History)
3 users (show)

See Also:
Fixed In Version: selinux-policy-3.6.32-123.fc12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-10-14 02:34:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Zdenek Sedlak 2010-08-21 06:30:36 EDT
Summary:

SELinux is preventing /bin/bash from executing autoconnect.py.

Detailed Description:

SELinux has denied the 91wicd from executing autoconnect.py. If 91wicd is
supposed to be able to execute autoconnect.py, this could be a labeling problem.
Most confined domains are allowed to execute files labeled bin_t. So you could
change the labeling on this file to bin_t and retry the application. If this
91wicd is not supposed to execute autoconnect.py, this could signal an intrusion
attempt.

Allowing Access:

If you want to allow 91wicd to execute autoconnect.py: chcon -t bin_t
'autoconnect.py' If this fix works, please update the file context on disk, with
the following command: semanage fcontext -a -t bin_t 'autoconnect.py' Please
specify the full path to the executable, Please file a bug report to make sure
this becomes the default labeling.

Additional Information:

Source Context                system_u:system_r:hald_t:s0
Target Context                system_u:object_r:usr_t:s0
Target Objects                autoconnect.py [ file ]
Source                        91wicd
Source Path                   /bin/bash
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           bash-4.0.38-1.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-120.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   execute
Host Name                     (removed)
Platform                      Linux (removed) 2.6.32.16-150.fc12.x86_64
                              #1 SMP Sat Jul 24 05:19:12 UTC 2010 x86_64 x86_64
Alert Count                   4
First Seen                    Fri 20 Aug 2010 11:44:44 PM CEST
Last Seen                     Sat 21 Aug 2010 12:29:19 PM CEST
Local ID                      56c44329-c481-4f5b-9c71-5d7494a95ebc
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1282386559.536:35141): avc:  denied  { execute } for  pid=27422 comm="91wicd" name="autoconnect.py" dev=dm-2 ino=2367468 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1282386559.536:35141): arch=c000003e syscall=21 success=no exit=-13 a0=27de100 a1=1 a2=7fffd168e780 a3=10 items=0 ppid=27421 pid=27422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="91wicd" exe="/bin/bash" subj=system_u:system_r:hald_t:s0 key=(null)



Hash String generated from  execute,91wicd,hald_t,usr_t,file,execute
audit2allow suggests:

#============= hald_t ==============
allow hald_t usr_t:file execute;
Comment 1 Miroslav Grepl 2010-08-22 18:57:22 EDT
Execute

chcon -Rt bin_t  /usr/share/wicd/daemon/

Should fix for now.
Comment 2 Miroslav Grepl 2010-09-01 08:35:16 EDT
Fixed in  selinux-policy-3.6.32-122.fc12
Comment 3 Fedora Update System 2010-10-01 04:49:02 EDT
selinux-policy-3.6.32-123.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/selinux-policy-3.6.32-123.fc12
Comment 4 Fedora Update System 2010-10-05 05:33:31 EDT
selinux-policy-3.6.32-123.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.6.32-123.fc12
Comment 5 Zdenek Sedlak 2010-10-06 03:06:00 EDT
Ok, no more errors in audit log.
Comment 6 Daniel Walsh 2010-10-06 08:52:42 EDT
Please update karma.
Comment 7 Zdenek Sedlak 2010-10-06 09:16:15 EDT
I've added a feedback here: https://bugzilla.redhat.com/show_bug.cgi?id=625993. Where I can update the karma? (I'm the Anonymous Tester :-D)
Comment 8 Daniel Walsh 2010-10-06 10:20:44 EDT
Ok Updating feedback from Known Testers, updates the karma.  But thanks for the feedback.
Comment 9 Fedora Update System 2010-10-14 02:33:43 EDT
selinux-policy-3.6.32-123.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.