-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom London wrote:
> Running latest rawhide, targeted/enforcing (selinux-policy-3.2.5-12.fc9).
>
> Notice the following AVC in audit.log
>
> type=AVC msg=audit(1200767626.005:18): avc: denied { read } for
> pid=2725 comm="wpa_supplicant" path="inotify" dev=inotifyfs ino=1
> scontext=system_u:system_r:NetworkManager_t:s0
> tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
> type=SYSCALL msg=audit(1200767626.005:18): arch=40000003 syscall=11
> success=yes exit=0 a0=8619fd8 a1=8619c78 a2=8619008 a3=de799c items=0
> ppid=2724 pid=2725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant"
> exe="/usr/sbin/wpa_supplicant"
> subj=system_u:system_r:NetworkManager_t:s0 key=(null)
> type=ANOM_ABEND msg=audit(1200767646.778:19): auid=4294967295 uid=42
> gid=42 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 pid=2742
> comm="dbus-launch" sig=6
>
> #============= NetworkManager_t ==============
> allow NetworkManager_t inotifyfs_t:dir read;
>
> Appears to be generated before gdm login; sort of looks like when
> NetworkManager is started by init.
>
> Not exactly sure where to BZ..... wpa_supplicant? NetworkManager? inotify?
>
> tom
Yes it should be fixed tonight's rawhide.
Lots of new stuff seems to be using inotify
gdm is getting a facelift/rewrite to be able to do things like setup
networking before login.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeVELkACgkQrlYvE4MpobOU8wCdGSreL33XaGcP5iHNXwqXueXl
p1wAnRRnxYTf9jNYe+h/lQ2JlAOh0YtX
=gCZb
-----END PGP SIGNATURE-----
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
