[DSE-Dev] Bug#711083: selinux-policy-default: NetworkManager_t can't access var_run_t, returns failed to insert Dummy STA entry for the AP when trying to connect to a wifi network
Kim Twain
kimtwain0 at gmail.com
Tue Jun 4 14:18:19 UTC 2013
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Dear Maintainer,
Using selinux with the default policy on debian 7 makes it impossible to connect to wifi networks using NetworkManager.
NetworkManager will report a similar error in dmesg:
[ 56.858552] wlan0: authenticate with 74:ea:3a:e9:46:2c (try 1)
[ 56.861540] wlan0: authenticated
[ 56.861883] wlan0: failed to insert Dummy STA entry for the AP (error -17)
[ 57.531657] wlan0: deauthenticating from 74:ea:3a:e9:46:2c by local choice (reason=2)
It seems that it needs access to /run/network/ifstate
except from /var/log/audit/audit.log
type=AVC msg=audit(1370353842.447:245): avc: denied { open } for pid=590 comm="ifup" name="ifstate" dev=tmpfs ino=6897 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1370353842.447:246): avc: denied { lock } for pid=590 comm="ifup" path="/run/network/ifstate" dev=tmpfs ino=6897 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1370353842.447:247): avc: denied { getattr } for pid=590 comm="ifup" path="/run/network/ifstate" dev=tmpfs ino=6897 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1370353842.447:248): avc: denied { unlink } for pid=590 comm="ifup" name="ifstate" dev=tmpfs ino=6897 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1370353843.471:249): avc: denied { read } for pid=3352 comm="NetworkManager" name="ifstate" dev=tmpfs ino=14226 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1370353843.471:249): avc: denied { open } for pid=3352 comm="NetworkManager" name="ifstate" dev=tmpfs ino=14226 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1370353843.471:249): arch=c000003e syscall=2 success=yes exit=19 a0=4b49b0 a1=0 a2=1b6 a3=7fff664177b0 items=0 ppid=1 pid=3352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
type=AVC msg=audit(1370353843.471:250): avc: denied { getattr } for pid=3352 comm="NetworkManager" path="/run/network/ifstate" dev=tmpfs ino=14226 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1370353843.471:250): arch=c000003e syscall=5 success=yes exit=0 a0=13 a1=7fff66417760 a2=7fff66417760 a3=7fff664177b0 items=0 ppid=1 pid=3352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libsepol1 2.1.4-3
ii policycoreutils 2.1.10-9
ii python 2.7.3-4
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.1.8-2
ii setools 3.3.7-3
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permesso negato: u'/etc/selinux/default/modules/active/file_contexts.local'
-- no debconf information
More information about the SELinux-devel
mailing list