Bug ID 1205580
Summary SELinux denied access to firewalld in YaST network configuration
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee screening-team-bugs@suse.de
Reporter felix.niederwanger@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Configuring the Network via YaST (using wicked) on a Tumbleweed system
with SELinux enabled results in the following access denial:

> time->Sun Nov 20 09:59:05 2022
> type=PROCTITLE msg=audit(1668938345.928:166): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
> type=PATH msg=audit(1668938345.928:166): item=0 name="/etc/sysconfig/network/" inode=1290 dev=00:26 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:etc_t:s0 nametype=PARENT cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
> type=CWD msg=audit(1668938345.928:166): cwd="/"
> type=SYSCALL msg=audit(1668938345.928:166): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f154a905fe0 a2=a00c2 a3=180 items=1 ppid=1 pid=759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="firewalld" exe="/usr/bin/python3.10" subj=system_u:system_r:firewalld_t:s0 key=(null)
> type=AVC msg=audit(1668938345.928:166): avc:  denied  { write } for  pid=759 comm="firewalld" name="network" dev="overlay" ino=1290 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0

Looks like the firewalld context is missing some rules to work properly.
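
Added example, not part of the original report: a small triage script that correlates the PROCTITLE, SYSCALL and AVC records of the event quoted above, decoding the hex command line and the `openat` arguments. The function names are hypothetical, and the flag table assumes x86_64 values, as indicated by `arch=c000003e` in the SYSCALL record.

```python
import re

# Records copied from the report above; SYSCALL is trimmed to the fields used here.
RECORDS = """\
type=PROCTITLE msg=audit(1668938345.928:166): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F7362696E2F6669726577616C6C64002D2D6E6F666F726B002D2D6E6F706964
type=SYSCALL msg=audit(1668938345.928:166): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=7f154a905fe0 a2=a00c2 a3=180 comm="firewalld" exe="/usr/bin/python3.10"
type=AVC msg=audit(1668938345.928:166): avc:  denied  { write } for  pid=759 comm="firewalld" name="network" dev="overlay" ino=1290 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
"""

# open(2) flag bits on x86_64 (assumption taken from arch=c000003e in the record).
X86_64_OPEN_FLAGS = {0o100: "O_CREAT", 0o200: "O_EXCL", 0o1000: "O_TRUNC",
                     0o2000: "O_APPEND", 0o200000: "O_DIRECTORY",
                     0o400000: "O_NOFOLLOW", 0o2000000: "O_CLOEXEC"}
ACCESS_MODES = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}

def fields(line):
    """Return the key=value pairs of one audit record, quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def decode_proctitle(hex_value):
    """auditd hex-encodes the command line; arguments are NUL-separated."""
    return bytes.fromhex(hex_value).decode("utf-8", "replace").split("\0")

def decode_open_flags(a2_hex):
    """Name the flag bits in the third openat(2) argument (a2)."""
    flags = int(a2_hex, 16)
    names = [ACCESS_MODES.get(flags & 3, "?")]
    return names + [n for bit, n in X86_64_OPEN_FLAGS.items() if flags & bit]

def triage(text):
    """Correlate PROCTITLE, SYSCALL and AVC records of one audit event."""
    recs = {}
    for line in text.splitlines():
        f = fields(line)
        if "type" in f:
            recs[f["type"]] = (f, line)
    avc, avc_line = recs["AVC"]
    sc = recs["SYSCALL"][0]
    is_openat = sc["arch"] == "c000003e" and sc["syscall"] == "257"
    return {
        "argv": decode_proctitle(recs["PROCTITLE"][0]["proctitle"]),
        "perms": re.search(r"\{([^}]*)\}", avc_line).group(1).split(),
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "enforced": avc["permissive"] == "0",
        "open_flags": decode_open_flags(sc["a2"]) if is_openat else None,
        "create_mode": oct(int(sc["a3"], 16)) if is_openat else None,
    }
```

For this event the result is an enforced denial of `write` on a `dir` labelled `etc_t` for `firewalld_t`, raised by an `openat` with `O_CREAT|O_EXCL` and mode `0o600`, that is, an attempt to create a new file in the directory named in the PATH record.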

