Bug 696161 - Selinux alert for wpa_supplicant in CSB 6.1
Summary: Selinux alert for wpa_supplicant in CSB 6.1
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: selinux-policy
Version: 6.1
Hardware: x86_64
OS: Linux
medium
low
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: Karel Srot
URL:
Whiteboard:
Depends On:
Blocks: 609355
Reported: 2011-04-13 13:07 UTC by Mason Sanders
Modified: 2012-10-16 12:13 UTC (History)

Fixed In Version: selinux-policy-3.7.19-84.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 12:27:45 UTC
Target Upstream Version:


Links
System: Red Hat Product Errata
ID: RHBA-2011:0526
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: selinux-policy bug fix and enhancement update
Last Updated: 2011-05-19 09:37:41 UTC

Description Mason Sanders 2011-04-13 13:07:03 UTC
Description of problem:
I receive the following selinux alert once a day:

Summary:

Your system may be seriously compromised! /usr/sbin/wpa_supplicant tried to load
a kernel module.

Detailed Description:

SELinux has prevented wpa_supplicant from loading a kernel module. All confined
programs that need to load kernel modules should have already had policy written
for them. If a compromised application tries to modify the kernel this AVC will
be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Context                system_u:system_r:NetworkManager_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        wpa_supplicant
Source Path                   /usr/sbin/wpa_supplicant
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           wpa_supplicant-0.6.8-10.el6
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-80.el6
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   sys_module
Host Name                     (removed)
Platform                      Linux msanders.csb 2.6.32-128.el6.x86_64 #1 SMP
                              Mon Mar 28 21:55:33 EDT 2011 x86_64 x86_64
Alert Count                   8
First Seen                    Fri 08 Apr 2011 08:22:58 AM EDT
Last Seen                     Wed 13 Apr 2011 08:13:41 AM EDT
Local ID                      b81a69fc-c9b9-44b7-b349-6e6d62edb17e
Line Numbers                  

Raw Audit Messages            

node=msanders.csb type=AVC msg=audit(1302696821.280:2310): avc:  denied  { sys_module } for  pid=1938 comm="wpa_supplicant" capability=16  scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tclass=capability

node=msanders.csb type=SYSCALL msg=audit(1302696821.280:2310): arch=c000003e syscall=16 success=no exit=-19 a0=8 a1=8933 a2=7fff3a00cce0 a3=56ccbfa774e5fbc items=0 ppid=1 pid=1938 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 key=(null)


Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-80.el6.noarch


How reproducible:
Happens every morning when I power on the laptop or resume from suspend.

Steps to Reproduce:
1. Turn on laptop/resume from suspend
  
Actual results:
alert

Expected results:
no alert

Additional info:
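
Added example, not part of the original report or of the selinux-policy project: Python that pairs the AVC and SYSCALL records quoted above by audit event ID and decodes their numeric fields, showing which syscall the sys_module capability check was raised from. The lookup tables are a small x86_64 subset chosen for this record, and the function names are illustrative assumptions.

```python
import errno
import re

# Sample input: the two raw audit records from this report (same event ID).
SAMPLE = [
    'node=msanders.csb type=AVC msg=audit(1302696821.280:2310): avc:  denied  { sys_module } for  pid=1938 comm="wpa_supplicant" capability=16  scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tcontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 tclass=capability',
    'node=msanders.csb type=SYSCALL msg=audit(1302696821.280:2310): arch=c000003e syscall=16 success=no exit=-19 a0=8 a1=8933 a2=7fff3a00cce0 a3=56ccbfa774e5fbc items=0 ppid=1 pid=1938 uid=0 comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" key=(null)',
]

# Subsets of the x86_64 syscall table, capability numbers and socket ioctls.
X86_64_SYSCALLS = {16: "ioctl", 175: "init_module", 176: "delete_module", 313: "finit_module"}
MODULE_SYSCALLS = {"init_module", "delete_module", "finit_module"}
CAPS = {12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE", 21: "CAP_SYS_ADMIN"}
SOCK_IOCTLS = {0x8913: "SIOCGIFFLAGS", 0x8927: "SIOCGIFHWADDR", 0x8933: "SIOCGIFINDEX"}

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one audit record into key/value fields plus its event ID."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    m = EVENT_ID.search(line)
    fields["event"] = m.group(1) if m else None
    return fields

def triage(lines):
    """Join AVC capability denials to their SYSCALL record and decode them."""
    events = {}
    for rec in map(parse, lines):
        events.setdefault(rec["event"], {})[rec.get("type")] = rec
    findings = []
    for eid, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or avc.get("tclass") != "capability":
            continue
        if sc.get("arch") != "c000003e":  # tables above cover x86_64 only
            continue
        name = X86_64_SYSCALLS.get(int(sc["syscall"]), "syscall_" + sc["syscall"])
        out = {"event": eid, "comm": avc["comm"], "syscall": name,
               "capability": CAPS.get(int(avc["capability"]), avc["capability"]),
               "errno": errno.errorcode.get(-int(sc["exit"]), sc["exit"]),
               # True only when the process itself called a module-load syscall.
               "explicit_module_syscall": name in MODULE_SYSCALLS}
        if name == "ioctl":  # a1 carries the ioctl request number, in hex
            out["ioctl"] = SOCK_IOCTLS.get(int(sc["a1"], 16), "0x" + sc["a1"])
        findings.append(out)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For this record the denied CAP_SYS_MODULE check arises inside an ioctl (SIOCGIFINDEX) that failed with ENODEV, not inside init_module or finit_module.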

Comment 4 Daniel Walsh 2011-04-13 14:46:06 UTC
This is already dontaudited in selinux-policy-3.7.19-84.el6

Comment 13 errata-xmlrpc 2011-05-19 12:27:45 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0526.html

