Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 589540 - SELinux policy appears to prevent NM from interacting with avahi-autoipd correctly
Summary: SELinux policy appears to prevent NM from interacting with avahi-autoipd corr...
Status: CLOSED DUPLICATE of bug 589539
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 12
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2010-05-06 12:01 UTC by Scott Schmit
Modified: 2010-05-06 12:08 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-06 12:08:30 UTC

Attachments (Terms of Use)

Description Scott Schmit 2010-05-06 12:01:55 UTC
Description of problem:
See Bug 587845. When run as root from the commandline, NM is able to establish a link-local connection on IPv4 by using avahi-autoipd. When run as a service, it cannot. The only time that setroubleshooter yells at me is when I run NM from the commandline (because it screws up the context for /etc/resolv.conf and /var/run/nm-dhclient-wlan0.conf) so I'm guessing there's some dontaudits covering up the issue.

Version-Release number of selected component (if applicable):
NetworkManager-0.8.0-12.git20100504.fc12.x86_64 (not sure that this is relevant)

How reproducible:

Steps to Reproduce:
1. Create a connection in NetworkManager with an IPv4 method of "Link-Local"
2. Attempt to connect to that connection

Actual results:
From the logs, you can see that NM calls to avahi-autoipd and then times out.
Run from the commandline, it does not time out, it works.

Expected results:
It should not time out.

Additional info:
NetworkManager executes "avahi-autoipd --script /usr/libexec/nm-avahi-autoipd.action <interface>".
$ ls -lZ /usr/libexec/nm-avahi-autoipd.action /usr/sbin/avahi-autoipd /usr/sbin/NetworkManager 
-rwxr-xr-x. root root system_u:object_r:bin_t:s0       /usr/libexec/nm-avahi-autoipd.action
-rwxr-xr-x. root root system_u:object_r:avahi_exec_t:s0 /usr/sbin/avahi-autoipd
-rwxr-xr-x. root root system_u:object_r:NetworkManager_exec_t:s0 /usr/sbin/NetworkManager

From that, I'm guessing that avahi_t isn't being allowed to do whatever it's supposed to do to let NetworkManager_t know it succeeded.

Comment 1 Scott Schmit 2010-05-06 12:08:30 UTC
Sorry for the spam, I kept getting proxy errors and assumed these weren't getting through.

*** This bug has been marked as a duplicate of bug 589539 ***

Note You need to log in before you can comment on or make changes to this bug.