Fedora Linux Support Community & Resources Center

#1 blittle, 29th April 2012, 01:53 PM
selinux "bug" NetworkManager read access to sysctl

SELinux is preventing NetworkManager from read access on the file /etc/sysctl.conf.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that NetworkManager should be allowed read access on the sysctl.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:system_conf_t:s0
Target Objects /etc/sysctl.conf [ file ]
Source NetworkManager
Source Path NetworkManager
Port <Unknown>
Host l
Source RPM Packages
Target RPM Packages initscripts-9.34.2-1.fc16.x86_64
Policy RPM selinux-policy-3.10.0-80.fc16.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name l
Platform Linux l 3.3.2-6.fc16.x86_64 #1
SMP Sat Apr 21 12:43:20 UTC 2012 x86_64 x86_64
Alert Count 1
First Seen Sun 29 Apr 2012 05:46:22 AM PDT
Last Seen Sun 29 Apr 2012 05:46:22 AM PDT
Local ID 9020d642-4aec-4c27-92f7-432b4ffc06ec

Raw Audit Messages
type=AVC msg=audit(1335703582.220:144): avc: denied { read } for pid=988 comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=2491258 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file


Hash: NetworkManager,NetworkManager_t,system_conf_t,file ,read

audit2allow

#============= NetworkManager_t ==============
allow NetworkManager_t system_conf_t:file read;

audit2allow -R

#============= NetworkManager_t ==============
allow NetworkManager_t system_conf_t:file read;


I haven't made any policy changes. This seems to happen when I "resume" my wireless connection; I can reproduce it by suspending the laptop and then resuming. I'm guessing nm tries to read the state of wlan0 to make sure it's working and selinux doesn't like it.

Thanks
#2 SteveGYBE, 29th April 2012, 02:19 PM
Re: selinux "bug" NetworkManager read access to sysctl

Looks like this was fixed in 3.10.0-82
Code:
$ rpm -q --changelog selinux-policy | less
* Fri Apr 06 2012 Miroslav Grepl <xxxxxx@redhat.com> 3.10.0-82
 [ . . . ]
- Allow NM to read system config file
Try a "yum update selinux-policy" if you don't want to update everything on your install - the current version is 3.10.0-84.

Last edited by SteveGYBE; 29th April 2012 at 02:25 PM.
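
Added example, not part of either post and not setroubleshoot's or audit2allow's own code: a small triage of the AVC record quoted in post #1 that derives the same allow rule shown there and checks the installed selinux-policy build against the fixed build named in post #2 before a local module is considered. The function names (parse_avc, allow_rule, evr, triage) are hypothetical, and the version comparison is a simplification of rpm's.

```python
import re

# AVC record copied from post #1; everything else in this block is added.
AVC = ('type=AVC msg=audit(1335703582.220:144): avc: denied { read } for pid=988 '
       'comm="NetworkManager" name="sysctl.conf" dev="dm-1" ino=2491258 '
       'scontext=system_u:system_r:NetworkManager_t:s0 '
       'tcontext=system_u:object_r:system_conf_t:s0 tclass=file')

def parse_avc(line):
    """Parse one 'avc: denied' audit record into a dict, or return None."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if m is None or not m.group(1).split():
        return None
    kv = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    try:
        # A context is user:role:type:level; the level may itself contain ':'.
        return {"perms": sorted(m.group(1).split()),
                "source": kv["scontext"].split(":")[2],
                "target": kv["tcontext"].split(":")[2],
                "tclass": kv["tclass"],
                "comm": kv.get("comm"), "name": kv.get("name")}
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def allow_rule(d):
    """Render the rule in the form audit2allow printed in post #1."""
    perms = d["perms"]
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {d['source']} {d['target']}:{d['tclass']} {p};"

def evr(text):
    """Simplified version-release sort key (assumption: numeric fields only)."""
    m = re.search(r"(\d+(?:\.\d+)*)-(\d+)", text)
    return tuple(int(x) for x in m.group(1).split(".")) + (int(m.group(2)),)

def triage(line, installed, fixed_in):
    """Prefer the packaged fix; fall back to reviewing a local rule."""
    d = parse_avc(line)
    if d is None:
        return ("not-a-denial", None)
    older = evr(installed) < evr(fixed_in)
    return ("update-policy" if older else "review-local-module", allow_rule(d))

if __name__ == "__main__":
    # Policy RPM string from the alert in post #1, fixed build from post #2.
    print(triage(AVC, "selinux-policy-3.10.0-80.fc16.noarch", "3.10.0-82"))
```

When the result is "update-policy", the packaged fix makes a local mypol module unnecessary, so no extra allow rule is left behind in the loaded policy.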