Description of problem: The sysnet_read_config macro doesn't let the subject read symbolic links in the network configuration. Version-Release number of selected component (if applicable): 3.10.0-128.fc17 How reproducible: Perfectly reproducible Steps to Reproduce: 1. Create a symbolic link, to, say, an ifcfg-xxx file in /etc/sysconfig/network-scripts 2. Create a policy module that grants sysnet_read_config to a domain 3. Run something in that domain and have it try to follow the symlink Actual results: Access denied. Expected results: Access permitted; there's no important difference between accessing the file directly and accessing it via a symlink, nor can the content of a symlink in the network config reasonably be expected to reveal anything sensitive.
Fixed in selinux-policy-3.10.0-129.fc17
selinux-policy-3.10.0-130.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-130.fc17
Package selinux-policy-3.10.0-130.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-130.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-9520/selinux-policy-3.10.0-130.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-130.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.