Bug 850437 - SELinux is preventing /sbin/dhclient from 'getattr' accesses on the file /run/nm-dhclient-wlan0.conf.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 16
Hardware: x86_64
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:a79b679b036e1c60c3319ff1e68...
Depends On:
Blocks:
Reported: 2012-08-21 15:15 UTC by mtrdraco
Modified: 2012-08-27 12:20 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-08-22 12:11:37 UTC



Description mtrdraco 2012-08-21 15:15:48 UTC
libreport version: 2.0.10
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.4.9-1.fc16.x86_64
time:           Tue 21 Aug 2012 11:15:20 AM EDT

description:
:SELinux is preventing /sbin/dhclient from 'getattr' accesses on the file /run/nm-dhclient-wlan0.conf.
:
:*****  Plugin restorecon (99.5 confidence) suggests  *************************
:
:If you want to fix the label. 
:/run/nm-dhclient-wlan0.conf default label should be NetworkManager_var_run_t.
:Then you can run restorecon.
:Do
:# /sbin/restorecon -v /run/nm-dhclient-wlan0.conf
:
:*****  Plugin catchall (1.49 confidence) suggests  ***************************
:
:If you believe that dhclient should be allowed getattr access on the nm-dhclient-wlan0.conf file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep dhclient /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
:Target Context                unconfined_u:object_r:var_run_t:s0
:Target Objects                /run/nm-dhclient-wlan0.conf [ file ]
:Source                        dhclient
:Source Path                   /sbin/dhclient
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           dhclient-4.2.3-11.P2.fc16.x86_64
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-90.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.4.9-1.fc16.x86_64 #1 SMP Wed
:                              Aug 15 20:45:23 UTC 2012 x86_64 x86_64
:Alert Count                   2
:First Seen                    Tue 21 Aug 2012 11:10:32 AM EDT
:Last Seen                     Tue 21 Aug 2012 11:13:19 AM EDT
:Local ID                      22348d3e-7fed-49a5-9f50-d1f5308c64df
:
:Raw Audit Messages
:type=AVC msg=audit(1345561999.809:147): avc:  denied  { getattr } for  pid=4318 comm="dhclient" path="/run/nm-dhclient-wlan0.conf" dev="tmpfs" ino=39914 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1345561999.809:147): arch=x86_64 syscall=fstat success=no exit=EACCES a0=4 a1=7fff06412620 a2=7fff06412620 a3=0 items=0 ppid=3932 pid=4318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=3 comm=dhclient exe=/sbin/dhclient subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
:
:Hash: dhclient,dhcpc_t,var_run_t,file,getattr
:
:audit2allow
:
:#============= dhcpc_t ==============
:allow dhcpc_t var_run_t:file getattr;
:
:audit2allow -R
:
:#============= dhcpc_t ==============
:allow dhcpc_t var_run_t:file getattr;
:

Comment 1 Miroslav Grepl 2012-08-22 12:11:37 UTC
# /sbin/restorecon -v /run/nm-dhclient-wlan0.conf

Are you able to reproduce it if you fix this using restorecon?

Comment 2 mtrdraco 2012-08-22 14:50:45 UTC
(In reply to comment #1)
> # /sbin/restorecon -v /run/nm-dhclient-wlan0.conf
> 
> Are you able to reproduce it if you fix this using restorecon?

Yes, I had to use a custom policy for a workaround. The bug report was primarily due to this occurring for the first time after a reboot, with no known system change. I actually think the problem has something to do with NetworkManager, so I'm glad it's already set to closed. I forgot to change this yesterday.

Comment 3 Miroslav Grepl 2012-08-27 12:20:28 UTC
Let's open this bug if you see it again. Thank you.

