Bug 718815 - wpa_gui cannot write to wpa_supplicant.conf (SELinux context problem)
Product: Fedora
Classification: Fedora
Component: wpa_supplicant
Hardware: x86_64 Linux
Priority: unspecified, Severity: high
Assigned To: Dan Williams
Fedora Extras Quality Assurance
Reported: 2011-07-04 15:15 EDT by dosboss64
Modified: 2012-08-16 09:01 EDT (History)
Doc Type: Bug Fix
Last Closed: 2012-08-16 09:01:52 EDT
Description dosboss64 2011-07-04 15:15:32 EDT
Description of problem:
wpa_gui (wpa_supplicant_gui-0.6.8-10.fc14.x86_64) cannot write to /etc/wpa_supplicant/wpa_supplicant.conf (wpa_supplicant-0.6.8-10.fc14.x86_64) due to wrong SELinux context.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Load wpa_gui
2. Click "File" -> "Save Configuration"

Actual results:
Error displayed: "The configuration could not be saved. The update_config=1 option must be used for configuration saving to be permitted." This error is displayed whether or not the stated config line exists in wpa_supplicant.conf. 

Expected results:
The file should be saved (considering the "update_config=1" statement exists in the config file), and a confirmation dialog should appear stating: "The current configuration was saved."

Additional info:
An SELinux AVC denial is generated every time the configuration save is attempted:
type=SYSCALL msg=audit(07/04/2011 14:04:21.214:369) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=843640 a1=241 a2=1b6 a3=0 items=0 ppid=1 pid=6744 auid=dosboss uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=1 comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null) 
type=AVC msg=audit(07/04/2011 14:04:21.214:369) : avc:  denied  { write } for  pid=6744 comm=wpa_supplicant name=wpa_supplicant.conf dev=dm-0 ino=8228710 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Comment 1 dosboss64 2011-07-04 15:16:31 EDT
I changed the context of the wpa_supplicant.conf file to NetworkManager_etc_rw_t and attempted the save again, at which point it worked. I am not entirely sure this is the correct context for the file, but it seems right considering the subject context in the AVC message - and bonus, it works!

Not often a fix is posted with the bug, but hey... here ya go!
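
Added example (not part of the original report or of any Fedora tooling): reading the AVC record from the description field by field, then building the persistent relabel commands for the type the reporter chose in Comment 1. The full file path and NetworkManager_etc_rw_t are taken from the report; the function names are hypothetical, and the semanage/restorecon commands are only printed, not executed.

```python
import re
import shlex

# AVC record copied from the bug description on this page.
AVC = ("type=AVC msg=audit(07/04/2011 14:04:21.214:369) : avc:  denied  { write } for  "
       "pid=6744 comm=wpa_supplicant name=wpa_supplicant.conf dev=dm-0 ino=8228710 "
       "scontext=unconfined_u:system_r:NetworkManager_t:s0 "
       "tcontext=system_u:object_r:etc_t:s0 tclass=file")

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")


def split_context(ctx):
    """user:role:type[:level]; the level may contain ':' itself (MLS categories)."""
    user, role, typ, level = (ctx.split(":", 3) + [None])[:4]
    return {"user": user, "role": role, "type": typ, "level": level}


def parse_avc(line):
    """Turn one interpreted AVC record into permissions, class and contexts."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"result": m.group("result"),
            "perms": m.group("perms").split(),
            "comm": fields.get("comm", "").strip('"'),
            "name": fields.get("name", "").strip('"'),
            "tclass": fields.get("tclass"),
            "scontext": split_context(fields["scontext"]),
            "tcontext": split_context(fields["tcontext"])}


def describe(rec):
    """One-line reading: who (source type) was refused what on which object (target type)."""
    return "{} ({}) {} {{ {} }} on {} {} ({})".format(
        rec["comm"], rec["scontext"]["type"], rec["result"], " ".join(rec["perms"]),
        rec["tclass"], rec["name"], rec["tcontext"]["type"])


def relabel_commands(path, new_type):
    """Record the label in local policy first, then apply it, so a relabel keeps it."""
    return ["semanage fcontext -a -t {} {}".format(shlex.quote(new_type), shlex.quote(path)),
            "restorecon -v {}".format(shlex.quote(path))]


if __name__ == "__main__":
    print(describe(parse_avc(AVC)))
    for cmd in relabel_commands("/etc/wpa_supplicant/wpa_supplicant.conf",
                                "NetworkManager_etc_rw_t"):
        print(cmd)
```

A label set only with chcon is lost when the file is relabelled, which is why the example records the rule with semanage before applying it.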
Comment 2 Gary Tivey 2012-07-14 13:49:35 EDT
Don't know if this is the same problem...but it is related.

KDE plasma.networkmanager would connect to wireless app but not authenticate (WPA, WPA2) after upgrading to new 3.4x kernels. (Yes, I used two different ones.) Checked systemctl and found that wpa_supplicant.service failed to start using version 3.4x kernels.

Reverting to 3.3.8-1 kernel put everything back to normal, without any configuration changes. 

Just guessing, but it might have something to do with the 3.4x kernels. =)
Comment 3 Fedora End Of Life 2012-08-16 09:01:55 EDT
This message is a notice that Fedora 14 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 14. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained.  At this time, all open bugs with a Fedora 'version'
of '14' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this 
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen 
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we were unable to fix it before Fedora 14 reached end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" (top right of this page) and open it against that 
version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
