http://bugzilla.opensuse.org/show_bug.cgi?id=1205580 Bug ID: 1205580 Summary: SELinux denied access to firewalld in YaST network configuration Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: felix.niederwanger@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Configuring the Network via YaST (using wicked) results on a Tumbleweed system with SELinux enabled results in the following access denial:
time->Sun Nov 20 09:59:05 2022 type=PROCTITLE msg=audit(1668938345.928:166): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964 type=PATH msg=audit(1668938345.928:166): item=0 name="/etc/sysconfig/network/" inode=1290 dev=00:26 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0 type=CWD msg=audit(1668938345.928:166): cwd="/" type=SYSCALL msg=audit(1668938345.928:166): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f154a905fe0 a2=a00c2 a3=180 items=1 ppid=1 pid=759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.10" subj=system_u:system_r:firewalld_t:s0 key=(null) type=AVC msg=audit(1668938345.928:166): avc: denied { write } for pid=759 comm="firewalld" name="network" dev="overlay" ino=1290 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
Looks like that the firewalld context is missing some rules to properly work. -- You are receiving this mail because: You are on the CC list for the bug.