Bug 743832 - SELinux is preventing /usr/sbin/pppd from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:3ed092669adb98f952a7c083ad0...
Depends On:
Blocks:
Reported: 2011-10-06 09:05 UTC by Cássio Magno
Modified: 2011-10-19 04:30 UTC

Fixed In Version: selinux-policy-3.10.0-40.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-19 04:30:52 UTC
Type: ---
Embargoed:



Description Cássio Magno 2011-10-06 09:05:34 UTC
libreport version: 2.0.6
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.1.0-0.rc8.git0.1.fc16.x86_64
reason:         SELinux is preventing /usr/sbin/pppd from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
time:           Thu Oct  6 06:04:11 2011

description:
:SELinux is preventing /usr/sbin/pppd from 'ioctl' accesses on the chr_file /dev/ttyUSB0.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that pppd should be allowed ioctl access on the ttyUSB0 chr_file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep pppd /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:pppd_t:s0
:Target Context                system_u:object_r:usbtty_device_t:s0
:Target Objects                /dev/ttyUSB0 [ chr_file ]
:Source                        pppd
:Source Path                   /usr/sbin/pppd
:Port                          <Desconhecido>
:Host                          (removed)
:Source RPM Packages           ppp-2.4.5-18.fc16
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-36.fc16
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux Tecnocratas.com
:                              3.1.0-0.rc8.git0.1.fc16.x86_64 #1 SMP Tue Oct 4
:                              03:16:40 UTC 2011 x86_64 x86_64
:Alert Count                   1
:First Seen                    Qui 06 Out 2011 06:02:50 BRT
:Last Seen                     Qui 06 Out 2011 06:02:50 BRT
:Local ID                      70fc4534-4b0c-4953-aff6-2497171dc784
:
:Raw Audit Messages
:type=AVC msg=audit(1317891770.125:82): avc:  denied  { ioctl } for  pid=2302 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=45344 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
:
:
:type=SYSCALL msg=audit(1317891770.125:82): arch=x86_64 syscall=ioctl success=no exit=EACCES a0=a a1=5417 a2=7fffc8001c4c a3=0 items=0 ppid=1037 pid=2302 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=pppd exe=/usr/sbin/pppd subj=system_u:system_r:pppd_t:s0 key=(null)
:
:Hash: pppd,pppd_t,usbtty_device_t,chr_file,ioctl
:
:audit2allow
:
:#============= pppd_t ==============
:allow pppd_t usbtty_device_t:chr_file ioctl;
:
:audit2allow -R
:
:#============= pppd_t ==============
:allow pppd_t usbtty_device_t:chr_file ioctl;
:

Comment 1 Miroslav Grepl 2011-10-06 12:37:47 UTC
Could you execute

# semanage permissive -a pppd_t

re-test it

# ausearch -m avc -ts recent

Comment 2 Theodore Lee 2011-10-07 07:35:59 UTC
I'm having the same issue when trying to establish a mobile broadband connection here - I managed to work around it by following setroubleshoot's advice and compiling a custom policy (several times though, once for getattr, then read/write, open, etc.). After disabling this policy and re-testing I get this:

----
time->Fri Oct  7 15:23:32 2011
type=SYSCALL msg=audit(1317972212.869:265): arch=c000003e syscall=16 success=no exit=-13 a0=a a1=5417 a2=7fff42e4cc4c a3=0 items=0 ppid=23412 pid=23657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972212.869:265): avc:  denied  { ioctl } for  pid=23657 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=166216 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:23:31 2011
type=SYSCALL msg=audit(1317972211.607:263): arch=c000003e syscall=16 success=no exit=-13 a0=a a1=540b a2=2 a3=7fff42e4c9f0 items=0 ppid=23412 pid=23657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972211.607:263): avc:  denied  { ioctl } for  pid=23657 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=166216 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:25:09 2011
type=SYSCALL msg=audit(1317972309.266:270): arch=c000003e syscall=4 success=no exit=-13 a0=7fffb8fb3a30 a1=7fffb8fb39a0 a2=7fffb8fb39a0 a3=7fffb8fb3730 items=0 ppid=25470 pid=25578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972309.266:270): avc:  denied  { getattr } for  pid=25578 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=191516 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:25:09 2011
type=SYSCALL msg=audit(1317972309.266:271): arch=c000003e syscall=4 success=no exit=-13 a0=7fffb8fb3a20 a1=7fffb8fb3990 a2=7fffb8fb3990 a3=ffffffc0 items=0 ppid=25470 pid=25578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972309.266:271): avc:  denied  { getattr } for  pid=25578 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=191516 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:00 2011
type=SYSCALL msg=audit(1317972540.271:275): arch=c000003e syscall=4 success=yes exit=0 a0=7fff5aef6d70 a1=7fff5aef6ce0 a2=7fff5aef6ce0 a3=7fff5aef6a70 items=0 ppid=25702 pid=25795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972540.271:275): avc:  denied  { getattr } for  pid=25795 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:00 2011
type=SYSCALL msg=audit(1317972540.284:276): arch=c000003e syscall=2 success=yes exit=10 a0=7ff0da626360 a1=80802 a2=0 a3=7ff0da3c8500 items=0 ppid=25702 pid=25795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972540.284:276): avc:  denied  { open } for  pid=25795 comm="pppd" name="ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1317972540.284:276): avc:  denied  { read write } for  pid=25795 comm="pppd" name="ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:00 2011
type=SYSCALL msg=audit(1317972540.287:277): arch=c000003e syscall=16 success=yes exit=0 a0=a a1=5416 a2=7fff5aef7cec a3=7fff5aef7a70 items=0 ppid=25702 pid=25795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972540.287:277): avc:  denied  { ioctl } for  pid=25795 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:09 2011
type=SYSCALL msg=audit(1317972549.910:279): arch=c000003e syscall=16 success=yes exit=0 a0=a a1=540b a2=2 a3=7fff5aef7b40 items=0 ppid=25702 pid=25795 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972549.910:279): avc:  denied  { ioctl } for  pid=25795 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:30 2011
type=SYSCALL msg=audit(1317972570.505:281): arch=c000003e syscall=2 success=yes exit=10 a0=7f2c55dae360 a1=80802 a2=0 a3=7f2c55b50500 items=0 ppid=25702 pid=25921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972570.505:281): avc:  denied  { open } for  pid=25921 comm="pppd" name="ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1317972570.505:281): avc:  denied  { read write } for  pid=25921 comm="pppd" name="ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
----
time->Fri Oct  7 15:29:30 2011
type=SYSCALL msg=audit(1317972570.492:280): arch=c000003e syscall=4 success=yes exit=0 a0=7fff6529d330 a1=7fff6529d2a0 a2=7fff6529d2a0 a3=7fff6529d030 items=0 ppid=25702 pid=25921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
type=AVC msg=audit(1317972570.492:280): avc:  denied  { getattr } for  pid=25921 comm="pppd" path="/dev/ttyUSB0" dev=devtmpfs ino=190960 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
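
Comment 2 describes building the local policy one permission at a time, and the records above show why: an AVC denial paired with `success=no` stopped pppd at that access, while one paired with `success=yes` was only logged. The following Python script is an added example (not part of the bug report or of any Fedora tool) that joins AVC and SYSCALL records on the audit event ID and merges the permissions into one rule; the sample input is trimmed from the records quoted above and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: records quoted in Comment 2, with some fields trimmed for width.
SAMPLE = """\
type=SYSCALL msg=audit(1317972212.869:265): arch=c000003e syscall=16 success=no exit=-13 comm="pppd" subj=system_u:system_r:pppd_t:s0
type=AVC msg=audit(1317972212.869:265): avc:  denied  { ioctl } for  pid=23657 comm="pppd" path="/dev/ttyUSB0" scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1317972309.266:270): arch=c000003e syscall=4 success=no exit=-13 comm="pppd" subj=system_u:system_r:pppd_t:s0
type=AVC msg=audit(1317972309.266:270): avc:  denied  { getattr } for  pid=25578 comm="pppd" path="/dev/ttyUSB0" scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1317972540.284:276): arch=c000003e syscall=2 success=yes exit=10 comm="pppd" subj=system_u:system_r:pppd_t:s0
type=AVC msg=audit(1317972540.284:276): avc:  denied  { open } for  pid=25795 comm="pppd" name="ttyUSB0" scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1317972540.284:276): avc:  denied  { read write } for  pid=25795 comm="pppd" name="ttyUSB0" scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:usbtty_device_t:s0 tclass=chr_file
"""

EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
SUCCESS = re.compile(r"\bsuccess=(yes|no)\b")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) to blocked and logged-only permissions."""
    outcome = {}   # audit event id -> "yes"/"no" taken from its SYSCALL record
    denials = []   # (audit event id, rule key, list of permissions)
    for line in log_text.splitlines():
        ev = EVENT_ID.search(line)
        if not ev:
            continue
        if line.startswith("type=SYSCALL"):
            ok = SUCCESS.search(line)
            outcome[ev.group(1)] = ok.group(1) if ok else None
        elif line.startswith("type=AVC"):
            m = AVC.search(line)
            if m:
                perms, src, tgt, cls = m.groups()
                denials.append((ev.group(1), (se_type(src), se_type(tgt), cls), perms.split()))
    summary = defaultdict(lambda: {"blocked": set(), "logged_only": set()})
    for ev_id, key, perms in denials:
        # Assumption: a denial with no matching SYSCALL record is counted as blocked.
        bucket = "logged_only" if outcome.get(ev_id) == "yes" else "blocked"
        summary[key][bucket].update(perms)
    return dict(summary)

def allow_rule(key, perms):
    src, tgt, cls = key
    return f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
```

Once the fixed selinux-policy package listed under "Fixed In Version" is installed, a local module built from such a rule is no longer needed, and the permissive setting from Comment 1 can be removed with `semanage permissive -d pppd_t`.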

Comment 3 Miroslav Grepl 2011-10-07 08:33:30 UTC
Fixed in selinux-policy-3.10.0-39.fc16

Comment 4 Fedora Update System 2011-10-14 16:17:44 UTC
selinux-policy-3.10.0-40.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-40.fc16

Comment 5 Fedora Update System 2011-10-15 14:31:24 UTC
Package selinux-policy-3.10.0-40.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-40.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-14363
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2011-10-19 04:30:52 UTC
selinux-policy-3.10.0-40.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

