Tom London wrote:
Running today's rawhide, targeted/enforcing.
The new kernel and NM (NetworkManager) support WPA. It works in permissive mode.
In enforcing mode it seems to want (see the AVC denials below):
allow NetworkManager_t self:unix_dgram_socket sendto;
allow NetworkManager_t tmp_t:dir remove_name;
allow NetworkManager_t tmp_t:sock_file unlink;
allow NetworkManager_t var_run_t:dir create;
allow NetworkManager_t var_run_t:sock_file setattr;
Yes, I am working with the NetworkManager maintainer to fix some problems
in the design of NetworkManager/wpa,
so hopefully we can get this fixed by tomorrow.
Dan
----
type=PATH msg=audit(01/31/2006 07:17:14.277:45) : item=0 flags=parent
inode=2777160 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=SOCKETCALL msg=audit(01/31/2006 07:17:14.277:45) : nargs=3 a0=3
a1=bfd8f0fe a2=6e
type=SOCKADDR msg=audit(01/31/2006 07:17:14.277:45) : saddr=local
/var/run/wpa_supplicant-global
type=SYSCALL msg=audit(01/31/2006 07:17:14.277:45) : arch=i386
syscall=socketcall(bind) success=yes exit=0 a0=2 a1=bfd8f0e0 a2=3
a3=8af7020 items=1 pid=3138 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant
type=AVC msg=audit(01/31/2006 07:17:14.277:45) : avc: denied {
create } for pid=3138 comm=wpa_supplicant name=wpa_supplicant-global
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
type=PATH msg=audit(01/31/2006 07:17:15.281:46) : item=0 flags=parent
inode=980161 dev=fd:00 mode=dir,sticky,777 ouid=root ogid=root
rdev=00:00
type=SOCKETCALL msg=audit(01/31/2006 07:17:15.281:46) : nargs=3 a0=12
a1=810f9ac a2=6e
type=SOCKADDR msg=audit(01/31/2006 07:17:15.281:46) : saddr=local
/tmp/wpa_ctrl_2606-1
type=SYSCALL msg=audit(01/31/2006 07:17:15.281:46) : arch=i386
syscall=socketcall(bind) success=yes exit=0 a0=2 a1=b7579240 a2=1
a3=810f9a8 items=1 pid=2615 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=NetworkManager exe=/usr/sbin/NetworkManager
type=AVC msg=audit(01/31/2006 07:17:15.281:46) : avc: denied {
create } for pid=2615 comm=NetworkManager name=wpa_ctrl_2606-1
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(01/31/2006 07:17:15.281:46) : avc: denied {
add_name } for pid=2615 comm=NetworkManager name=wpa_ctrl_2606-1
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(01/31/2006 07:17:15.281:46) : avc: denied { write
} for pid=2615 comm=NetworkManager name=tmp dev=dm-0 ino=980161
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(01/31/2006 07:17:15.281:46) : avc: denied {
search } for pid=2615 comm=NetworkManager name=tmp dev=dm-0
ino=980161 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
----
type=PATH msg=audit(01/31/2006 07:17:15.281:47) : item=0 flags=follow
inode=2778180 dev=fd:00 mode=socket,755 ouid=root ogid=root rdev=00:00
type=SOCKETCALL msg=audit(01/31/2006 07:17:15.281:47) : nargs=3 a0=12
a1=810fa1a a2=6e
type=SOCKADDR msg=audit(01/31/2006 07:17:15.281:47) : saddr=local
/var/run/wpa_supplicant-global
type=AVC_PATH msg=audit(01/31/2006 07:17:15.281:47) :
path=/var/run/wpa_supplicant-global
type=SYSCALL msg=audit(01/31/2006 07:17:15.281:47) : arch=i386
syscall=socketcall(connect) success=yes exit=0 a0=3 a1=b7579240 a2=1
a3=0 items=1 pid=2615 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=NetworkManager exe=/usr/sbin/NetworkManager
type=AVC msg=audit(01/31/2006 07:17:15.281:47) : avc: denied {
sendto } for pid=2615 comm=NetworkManager name=wpa_supplicant-global
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:system_r:NetworkManager_t:s0
tclass=unix_dgram_socket
type=AVC msg=audit(01/31/2006 07:17:15.281:47) : avc: denied { write
} for pid=2615 comm=NetworkManager name=wpa_supplicant-global
dev=dm-0 ino=2778180 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
type=PATH msg=audit(01/31/2006 07:17:15.309:48) : item=0
name=/var/run/wpa_supplicant flags=parent inode=2777160 dev=fd:00
mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/31/2006 07:17:15.309:48) : cwd=/
type=SYSCALL msg=audit(01/31/2006 07:17:15.309:48) : arch=i386
syscall=mkdir success=yes exit=0 a0=8af7aa8 a1=1f8 a2=8af7958
a3=8af7958 items=1 pid=3138 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant
type=AVC msg=audit(01/31/2006 07:17:15.309:48) : avc: denied {
create } for pid=3138 comm=wpa_supplicant name=wpa_supplicant
scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
----
type=PATH msg=audit(01/31/2006 07:17:15.465:49) : item=0
name=/var/run/wpa_supplicant/eth1 flags=follow inode=3628151 dev=fd:00
mode=socket,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/31/2006 07:17:15.465:49) : cwd=/
type=SYSCALL msg=audit(01/31/2006 07:17:15.465:49) : arch=i386
syscall=chmod success=yes exit=0 a0=8b00e68 a1=1f8 a2=8b00e68
a3=8af7958 items=1 pid=3138 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant
type=AVC msg=audit(01/31/2006 07:17:15.465:49) : avc: denied {
setattr } for pid=3138 comm=wpa_supplicant name=eth1 dev=dm-0
ino=3628151 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
----
type=AVC msg=audit(01/31/2006 07:17:15.465:50) : avc: denied { write
} for pid=3138 comm=wpa_supplicant name=wpa_ctrl_2606-1 dev=dm-0
ino=980237 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
----
type=PATH msg=audit(01/31/2006 07:17:15.465:51) : item=0
name=/tmp/wpa_ctrl_2606-1 flags=parent inode=980161 dev=fd:00
mode=dir,sticky,777 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/31/2006 07:17:15.465:51) : cwd=/
type=SYSCALL msg=audit(01/31/2006 07:17:15.465:51) : arch=i386
syscall=unlink success=yes exit=0 a0=810f9ae a1=1 a2=810f9a8
a3=81084b0 items=1 pid=2615 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=NetworkManager exe=/usr/sbin/NetworkManager
type=AVC msg=audit(01/31/2006 07:17:15.465:51) : avc: denied {
unlink } for pid=2615 comm=NetworkManager name=wpa_ctrl_2606-1
dev=dm-0 ino=980237 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(01/31/2006 07:17:15.465:51) : avc: denied {
remove_name } for pid=2615 comm=NetworkManager name=wpa_ctrl_2606-1
dev=dm-0 ino=980237 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=dir
----
type=PATH msg=audit(01/31/2006 07:17:15.465:50) : item=0 flags=follow
inode=980237 dev=fd:00 mode=socket,755 ouid=root ogid=root rdev=00:00
type=SOCKETCALL msg=audit(01/31/2006 07:17:15.465:50) : nargs=6 a0=3
a1=8af7150 a2=3 a3=0 a4=bfd8f0b6 a5=17
type=SOCKADDR msg=audit(01/31/2006 07:17:15.465:50) : saddr=local
/tmp/wpa_ctrl_2606-1
type=SYSCALL msg=audit(01/31/2006 07:17:15.465:50) : arch=i386
syscall=socketcall(sendto) success=yes exit=3 a0=b a1=bfd8ef80
a2=bfd8efc4 a3=0 items=1 pid=3138 auid=unknown(4294967295) uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant
--
Tom London