Created attachment 778192
ausearch -m avc -ts 12:16

OpenLMI-Networking provider needs a policy. This is a similar request to bz979037 and bz983422 and bz987951.

Network provider manages network devices using NetworkManager via D-Bus.

Audit messages are attached.

Result of `ausearch -m avc -ts 12:16 | audit2allow`, with my comments:

#============= NetworkManager_t ==============
allow NetworkManager_t dhcpc_t:process { siginh noatsecure rlimitinh };
# ^^^ this doesn't seem to be related

#============= firewalld_t ==============
allow firewalld_t iptables_t:process { siginh noatsecure rlimitinh };
# ^^^ this doesn't seem to be related

#============= pegasus_openlmi_networking_t ==============
allow pegasus_openlmi_networking_t passwd_file_t:file { read getattr open };
allow pegasus_openlmi_networking_t pegasus_data_t:dir write;
allow pegasus_openlmi_networking_t proc_net_t:file { read getattr open };
allow pegasus_openlmi_networking_t self:capability { setuid net_admin setgid };
allow pegasus_openlmi_networking_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
allow pegasus_openlmi_networking_t self:udp_socket { create connect getattr };
allow pegasus_openlmi_networking_t sysfs_t:file { read write getattr open };
allow pegasus_openlmi_networking_t sysfs_t:lnk_file read;
allow pegasus_openlmi_networking_t system_dbusd_t:unix_stream_socket connectto;
allow pegasus_openlmi_networking_t system_dbusd_var_run_t:dir search;
allow pegasus_openlmi_networking_t system_dbusd_var_run_t:sock_file write;

#!!!! This avc can be allowed using the boolean 'global_ssp'
allow pegasus_openlmi_networking_t urandom_device_t:chr_file { read open };

#============= pegasus_t ==============
allow pegasus_t chkpwd_t:process { siginh noatsecure rlimitinh };
allow pegasus_t pegasus_openlmi_networking_t:process { siginh noatsecure rlimitinh };

Please check if the permissions are reasonable for a networking-handling provider.
What the provider does:
* D-Bus communication with NetworkManager
* reading /proc/net/dev
* reading /sys/class/net/*/flags
* generating UUIDs with libuuid
* communication with pegasus (same for all providers)
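One way to run the requested check mechanically, as an added example that is not part of the original report or of the selinux-policy project: it parses the provider's audit2allow rules quoted in the report and lists the permissions that none of the stated behaviours accounts for, so a reviewer can ask about each one. The `EXPECTED` mapping from behaviours to SELinux permissions and the function names are assumptions made for illustration.

```python
import re

# The pegasus_openlmi_networking_t rules quoted in the report above.
RULES = """
allow pegasus_openlmi_networking_t passwd_file_t:file { read getattr open };
allow pegasus_openlmi_networking_t pegasus_data_t:dir write;
allow pegasus_openlmi_networking_t proc_net_t:file { read getattr open };
allow pegasus_openlmi_networking_t self:capability { setuid net_admin setgid };
allow pegasus_openlmi_networking_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
allow pegasus_openlmi_networking_t self:udp_socket { create connect getattr };
allow pegasus_openlmi_networking_t sysfs_t:file { read write getattr open };
allow pegasus_openlmi_networking_t sysfs_t:lnk_file read;
allow pegasus_openlmi_networking_t system_dbusd_t:unix_stream_socket connectto;
allow pegasus_openlmi_networking_t system_dbusd_var_run_t:dir search;
allow pegasus_openlmi_networking_t system_dbusd_var_run_t:sock_file write;
allow pegasus_openlmi_networking_t urandom_device_t:chr_file { read open };
"""

# Assumption (not from the report): permissions each stated behaviour explains.
EXPECTED = {
    ("system_dbusd_t", "unix_stream_socket"): {"connectto"},  # D-Bus
    ("system_dbusd_var_run_t", "dir"): {"search"},            # D-Bus socket dir
    ("system_dbusd_var_run_t", "sock_file"): {"write"},       # D-Bus socket
    ("proc_net_t", "file"): {"read", "getattr", "open"},      # /proc/net/dev
    ("sysfs_t", "file"): {"read", "getattr", "open"},         # /sys/class/net/*/flags
    ("sysfs_t", "lnk_file"): {"read"},                        # /sys/class/net/* links
    ("urandom_device_t", "chr_file"): {"read", "open"},       # libuuid randomness
}

RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;", re.M)

def parse_rules(text):
    """Yield (source, target, class, permission set) for each allow rule."""
    for m in RULE_RE.finditer(text):
        src, tgt, cls, many, one = m.groups()
        yield src, tgt, cls, set((many or one).split())

def unexplained(text, domain, expected=EXPECTED):
    """Permissions granted to `domain` that no stated behaviour covers."""
    extra = {}
    for src, tgt, cls, perms in parse_rules(text):
        left = perms - expected.get((tgt, cls), set())
        if src == domain and left:
            extra[(tgt, cls)] = left
    return extra

if __name__ == "__main__":
    for key, perms in sorted(unexplained(RULES, "pegasus_openlmi_networking_t").items()):
        print("%s:%s" % key, sorted(perms))
```

A flagged permission is a prompt for a question to the provider's authors, not proof that the rule is wrong.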
commit 43e08bda258a3c7a1834c467c759a57002ea2d17
Author: Miroslav Grepl <mgrepl>
Date: Fri Jul 26 09:38:11 2013 +0200

    Add support for cmpiLMI_Networking-cimprovagt
selinux-policy-3.12.1-69.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-69.fc19
Package selinux-policy-3.12.1-69.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.

Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-69.fc19'
as soon as you are able to.

Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-14089/selinux-policy-3.12.1-69.fc19
then log in and leave karma (feedback).
selinux-policy-3.12.1-69.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.