Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 163775 - name_connect denials with kernel
Summary: name_connect denials with kernel
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 3
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL: any remote url
Depends On:
TreeView+ depends on / blocked
Reported: 2005-07-20 22:16 UTC by Randy Heineke
Modified: 2015-01-04 22:21 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-09-27 05:33:54 UTC

Attachments (Terms of Use)

Description Randy Heineke 2005-07-20 22:16:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4

Description of problem:
Remote url access result in name_connect denials for xchat and browsers. 
The kernel package adds the name_connect permission feature.  The package does not establish a dependency for a FC3 selinux_policy-targeted package that supports name connect permission. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Upgrade to FC3 kernel package.
2.With selinux-polic-target 1.21.14-1 installed.
3.Reboot to new kernel.
4.Set selinux security to targeted policy and enabled.
5.Open a browse.
6.Enter a remote URL   

Actual Results:  A denied message appears in /var/log/messages

Expected Results:  No log message and a web page should appear

Additional info:

Actual results could have been stated:
yum upgrade command executed succesfully.

Expected results could have been stated as:
A yum message complaining about the vintage of selinux-policy-targeted.

See bug 163771 

davej and dwalsh are the best.

Comment 1 Dave Jones 2005-08-26 06:12:23 UTC
This should be fixed in the errata currently in updates-testing.
Can you test please ?

Note You need to log in before you can comment on or make changes to this bug.