Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 452723 - ppp-watch cannot sigkill
Summary: ppp-watch cannot sigkill
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.1
Hardware: i686
OS: Linux
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2008-06-24 16:39 UTC by Gunnar Hellekson
Modified: 2008-08-12 14:27 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-08-12 14:27:24 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Gunnar Hellekson 2008-06-24 16:39:01 UTC
    SELinux is preventing /sbin/ppp-watch (pppd_t) "sigkill" access to <Unknown>

Detailed Description
    SELinux denied access requested by /sbin/ppp-watch. It is not expected that
    this access is required by /sbin/ppp-watch and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.
    Please file a against this

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown>. There is currently no automatic way to allow this access.
    Instead, you can generate a local policy module to allow this access - see - or you can
    disable SELinux protection entirely for the application. Disabling SELinux
    protection is not recommended. Please file a against this package.
    Changing the "pppd_disable_trans" boolean to true will disable SELinux
    protection this application: "setsebool -P pppd_disable_trans=1."

    The following command will allow this access:
    setsebool -P pppd_disable_trans=1

Additional Information        

Source Context                user_u:system_r:pppd_t
Target Context                user_u:system_r:pppd_t
Target Objects                None [ process ]
Affected RPM Packages         initscripts-8.45.17.EL-1 [application]
Policy RPM                    selinux-policy-2.4.6-106.el5_1.3
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.disable_trans
Host Name                     ghelleks.csb
Platform                      Linux ghelleks.csb 2.6.18-53.1.21.el5 #1 SMP Wed
                              May 7 08:42:13 EDT 2008 i686 i686
Alert Count                   4
Line Numbers                  

Raw Audit Messages            

avc: denied { sigkill } for comm="ppp-watch" egid=0 euid=0 exe="/sbin/ppp-watch"
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=6989
scontext=user_u:system_r:pppd_t:s0 sgid=0 subj=user_u:system_r:pppd_t:s0 suid=0
tclass=process tcontext=user_u:system_r:pppd_t:s0 tty=(none) uid=0

Steps to Reproduce:
1. Kill ppp-watch
2. Watch ppp-watch try to send pppd a sigkill
3. Watch setroubleshoot appear
Actual results:
AVC Denial

Expected results:
ppp-watch sends sigkill to pppd without an AVC

Comment 2 Daniel Walsh 2008-08-12 14:27:24 UTC
I believe this is fixed in U2 policy

Please update your selinux-policy-targeted package.

Note You need to log in before you can comment on or make changes to this bug.