Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 156781 - Gkrellm net monitoring problems
Summary: Gkrellm net monitoring problems
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-04 08:35 UTC by Vaclav "sHINOBI" Misek
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-06 13:55:54 UTC


Attachments (Terms of Use)

Description Vaclav "sHINOBI" Misek 2005-05-04 08:35:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3

Description of problem:
The Gkrellm's net monitor panel disappeared and when I look to the /var/log/messages there are a lot avc: denied messages.

kernel: audit(1115194228.561:0): avc:  denied  { search } for  pid=5362 exe=/usr/bin/gkrellm name=net dev=proc ino=4026531862 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:proc_net_t tclass=dir
kernel: audit(1115194829.795:0): avc:  denied  { read } for  pid=5788 exe=/bin/netstat name=net dev=proc ino=4026531862 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:proc_net_t tclass=dir


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.1

How reproducible:
Always

Steps to Reproduce:
1. install latest selinux-policy-targeted updates-testing package
2. run gkrellm

  

Additional info:

Comment 1 Orion Poplawski 2005-05-05 15:08:25 UTC
Seeing similar with KDE and the kicker:

denied  { search } for  pid=21056 exe=/usr/bin/kdeinit name=net dev=proc
ino=-268435434 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:proc_net_t tclass=dir

orion    21056     1  0 08:59 ?        00:00:00 kdeinit: kicker

and sadc:

denied  { search } for  pid=11085 exe=/usr/lib/sa/sadc name=net dev=proc
ino=-268435434 scontext=system_u:system_r:unconfined_t
tcontext=system_u:object_r:proc_net_t tclass=dir

and some as yet unknown program that is running netstat:

denied  { search } for  pid=11406 exe=/bin/netstat name=net dev=proc
ino=-268435434 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:proc_net_t tclass=dir

Comment 2 Orion Poplawski 2005-05-05 20:20:30 UTC
Network (dhcp) doesn't come up at reboot.  Similar errors.

denied  { read } for  pid=3010 exe=/sbin/ifconfig name=net
dev=proc ino=-268435434 scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:proc_net_t tclass=dir

also, while we're at it:

denied  { search } for  pid=3260 exe=/sbin/syslogd name=nscd dev=hda6 ino=48203
scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:nscd_va
r_run_t tclass=dir

Comment 3 Vaclav "sHINOBI" Misek 2005-05-06 13:41:41 UTC
The problems seems to be solved for me with the latest testing
selinux-policy-targeted-1.17.30-3.2


Note You need to log in before you can comment on or make changes to this bug.