View Issue Details

IDProjectCategoryView StatusLast Update
0018542CentOS-8wpa_supplicantpublic2022-11-27 00:54
ReporterKhairi Assigned To 
Status closedResolutionwon't fix 
PlatformCentos stream 9 
Summary0018542: wpa supplicant
DescriptionSELinux is preventing /usr/sbin/wpa_supplicant from using the bpf capability.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that wpa_supplicant should have the bpf capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'wpa_supplicant' --raw | audit2allow -M my-wpasupplicant
# semodule -X 300 -i my-wpasupplicant.pp

Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects Unknown [ capability2 ]
Source wpa_supplicant
Source Path /usr/sbin/wpa_supplicant
Port <Unknown>
Source RPM Packages wpa_supplicant-2.10-4.el9.x86_64
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-34.1.46-1.el9.noarch
Local Policy RPM selinux-policy-targeted-34.1.46-1.el9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name
Platform Linux 5.14.0-197.el9.x86_64 #1 SMP
                              PREEMPT_DYNAMIC Wed Nov 16 17:08:31 UTC 2022
                              x86_64 x86_64
Alert Count 6
First Seen 2022-11-21 15:01:14 CET
Last Seen 2022-11-22 07:52:33 CET
Local ID 4c5e5996-801c-438c-b95d-685305523b9e

Raw Audit Messages
type=AVC msg=audit(1669099953.794:205): avc: denied { bpf } for pid=1050 comm="wpa_supplicant" capability=39 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=capability2 permissive=0

type=SYSCALL msg=audit(1669099953.794:205): arch=x86_64 syscall=setsockopt success=yes exit=0 a0=c a1=1 a2=1a a3=55b2ffb093a0 items=0 ppid=1 pid=1050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=wpa_supplicant exe=/usr/sbin/wpa_supplicant subj=system_u:system_r:NetworkManager_t:s0 key=(null)

Hash: wpa_supplicant,NetworkManager_t,NetworkManager_t,capability2,bpf
Steps To Reproducewpa supplicant
TagsNo tags attached.




2022-11-27 00:53

manager   ~0039038

All CentOS Stream-related bugs must be reported at RHBZ. Details are in .

Issue History

Date Modified Username Field Change
2022-11-22 06:54 Khairi New Issue
2022-11-27 00:53 toracat Note Added: 0039038
2022-11-27 00:54 toracat Status new => closed
2022-11-27 00:54 toracat Resolution open => won't fix