Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158965 - Automatic ADSL connection during boot fails because of selinux
Summary: Automatic ADSL connection during boot fails because of selinux
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: rp-pppoe
Version: rawhide
Hardware: i386
OS: Linux
medium
low
Target Milestone: ---
Assignee: Ngo Than
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-27 07:26 UTC by Andreas Simon
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-26 08:57:39 UTC


Attachments (Terms of Use)

Description Andreas Simon 2005-05-27 07:26:08 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
I configured ADSL to connect during boot. This fails because of selinux errors.

Activating the connection with the system-config-network GUI or activating it with "system-config-network-cmd -a xDSL" via the command line after the system is booted works without problems.

It's just the automatic start during boot which fails.

Version-Release number of selected component (if applicable):
rp-pppoe-3.5-27

How reproducible:
Always

Steps to Reproduce:
1. Configure an ADSL (xDSL) connection with system-config-network.
2. Choose "Activate device when computer starts" for this network device
3. Boot
  

Actual Results:  During the boot there is a long timeout when the system tries to start the ADSL connection. Then [fail] is printed.

Expected Results:  Activate the ADSL connection.

Additional info:

Here are the related messages from /var/log/messages:

May 27 08:24:59 obsidian kernel: ip_tables: (C) 2000-2002 Netfilter core team
May 27 08:24:59 obsidian kernel: ip_conntrack version 2.1 (4095 buckets, 32760 max) - 272 bytes per conntrack
May 27 08:24:59 obsidian kernel: eth0: link up, 10Mbps, half-duplex, lpa 0x0021
May 27 08:24:59 obsidian kernel: CSLIP: code copyright 1989 Regents of the University of California
May 27 08:24:59 obsidian kernel: PPP generic driver version 2.4.2
May 27 08:24:59 obsidian kernel: audit(1117175032.481:3): avc:  denied  { read } for  pid=1839 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:24:59 obsidian kernel: audit(1117175032.481:4): avc:  denied  { read } for  pid=1839 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:24:59 obsidian kernel: audit(1117175032.481:5): avc:  denied  { read } for  pid=1839 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:24:59 obsidian kernel: audit(1117175037.513:6): avc:  denied  { read } for  pid=1857 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
...
...
...
May 27 08:24:59 obsidian kernel: audit(1117175097.783:42): avc:  denied  { read } for  pid=1994 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:24:59 obsidian kernel: audit(1117175097.783:43): avc:  denied  { read } for  pid=1994 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:24:59 obsidian kernel: audit(1117175097.783:44): avc:  denied  { read } for  pid=1994 comm="sh" name=pppoe dev=dm-0 ino=1318377 scontext=system_u:system_r:pppd_t tcontext=system_u:object_r:sbin_t tclass=lnk_file
May 27 08:25:01 obsidian kernel: parport: PnPBIOS parport detected.
May 27 08:25:01 obsidian kernel: parport0: PC-style at 0x378 (0x778), irq 7 [PCSPP,TRISTATE]
May 27 08:25:01 obsidian kernel: lp0: using parport0 (interrupt-driven).
May 27 08:25:01 obsidian kernel: lp0: console ready


The '...' means that the audit message is repeated many times, just with different pids.

Device "dm-0" (/dev/dm-0) is my root partition, a ext3 filesystem residing on a LVM volume (/dev/main_vg/root_lv).

Other info which maybe interesting:
# ls -li /usr/sbin/pppoe
1318377 lrwxrwxrwx  1 root root 16 May 26 13:36 /usr/sbin/pppoe -> ../../sbin/pppoe
# ls -li /sbin/pppoe
622697 -rwxr-xr-x  1 root root 32424 Mar  7 18:32 /sbin/pppoe
# ls -Z /sbin/pppoe
-rwxr-xr-x  root     root     system_u:object_r:sbin_t         /sbin/pppoe


Here the package versions:
selinux-policy-targeted-1.23.16-6
rp-pppoe-3.5-27

Comment 1 Daniel Walsh 2005-05-29 10:58:50 UTC
Fixed in selinux-policy-*1.23.17-4


Note You need to log in before you can comment on or make changes to this bug.