[Hampshire] (no subject)

Author: B STEVENS
Date:  
To: hampshire
New-Topics: Re: [Hampshire] Fedora 10 SELinux
Subject: [Hampshire] (no subject)
Well I'll go to the bottom of our stairs... I edited /etc/selinux/config (to recreate the error message), typed "touch /.autorelabel && reboot" and it now works with SELinux set to enforcing.

Anyhoo, here's the error message.

Regards

Bryan

--

Summary
SELinux is preventing NetworkManager (NetworkManager_t) "search" to ./dhclient (dhcpc_state_t).

Detailed Description
[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]
SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./dhclient,

restorecon -v './dhclient'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information
Source Context:  system_u:system_r:NetworkManager_t:s0
Target Context:  system_u:object_r:dhcpc_state_t:s0
Target Objects:  ./dhclient [ dir ]
Source:  NetworkManager
Source Path:  /usr/sbin/NetworkManager
Port:  <Unknown>
Host:  linux.localdomain
Source RPM Packages:  NetworkManager-0.7.0-0.12.svn4326.fc11
Target RPM Packages: 
Policy RPM:  selinux-policy-3.5.13-18.fc10
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Permissive
Plugin Name:  catchall_file
Host Name:  linux.localdomain
Platform:  Linux linux.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 i686
Alert Count:  12
First Seen:  Sun 30 Nov 2008 10:37:56 PM GMT
Last Seen:  Tue 02 Dec 2008 08:12:38 AM GMT
Local ID:  d4daa9d1-acc9-4f09-810b-e41e32a4c505
Line Numbers: 

Raw Audit Messages :
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { search } for pid=2222 comm="NetworkManager" name="dhclient" dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir

node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { write } for pid=2222 comm="NetworkManager" name="dhclient" dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir

node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { remove_name } for pid=2222 comm="NetworkManager" name="dhclient-wlan0.lease" dev=sda3 ino=5022402 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir

node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { unlink } for pid=2222 comm="NetworkManager" name="dhclient-wlan0.lease" dev=sda3 ino=5022402 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file

node=linux.localdomain type=SYSCALL msg=audit(1228205558.218:12): arch=40000003 syscall=10 success=yes exit=0 a0=9e53790 a1=29 a2=7d9ff4 a3=9e53790 items=0 ppid=1 pid=2222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)

John Cooper wrote:
> B STEVENS wrote:
>> One thing certainly impressed me about Fedora 10 was the fact it
>> immediately recognised my Intel Corporation PRO/Wireless 3945ABG
>> Network Connection.
>>
>> I did have to disable SELinux (it had to be set to "disabled", not
>> "permissive") and change the router from 64 bit WEP to 128 bit but
>> it's probably the least painful linux wireless setup I've encountered.
>>
>> Regards
>>
>> Bryan
>>
> Yes, SELinux seems to be on steroids in F10. I'm using permissive to try
> and fix it but it is proving difficult. I have to say Ubuntu wins hands
> down on the wireless front. I had to manually download and extract the
> FW for my broadcom chip, plus NetworkManager wouldn't work, so updated
> the config.


What is not working with SELinux? Error messages? Logs?
Have you tried a complete relabel just in case? (I ask because it works
fine here on the 3 very different boxes I have running it)

touch /.autorelabel && reboot


Stuart
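
Added example, not part of the thread and not setroubleshoot's or audit2allow's own code: a small parser for the raw AVC records in the report above that groups the denied permissions by source type, target type and object class, so the four denials can be read as one access pattern before deciding between a relabel and a local policy module. The function names (`parse_avc`, `summarize`, `candidate_rules`) are hypothetical, and the SYSCALL record in the sample is shortened.

```python
import re
from collections import defaultdict

# AVC records copied from the report above; the SYSCALL record is shortened.
SAMPLE = """\
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { search } for pid=2222 comm="NetworkManager" name="dhclient" dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { write } for pid=2222 comm="NetworkManager" name="dhclient" dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { remove_name } for pid=2222 comm="NetworkManager" name="dhclient-wlan0.lease" dev=sda3 ino=5022402 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { unlink } for pid=2222 comm="NetworkManager" name="dhclient-wlan0.lease" dev=sda3 ino=5022402 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=file
node=linux.localdomain type=SYSCALL msg=audit(1228205558.218:12): arch=40000003 syscall=10 success=yes exit=0 comm="NetworkManager" exe="/usr/sbin/NetworkManager"
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<event>[\d.]+:\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}.*?scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) "
    r"tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(text):
    """Extract one dict per AVC denial; non-AVC records are skipped."""
    return [
        {"event": m["event"], "perms": m["perms"].split(),
         "source": selinux_type(m["scon"]), "target": selinux_type(m["tcon"]),
         "tclass": m["tclass"]}
        for m in AVC_RE.finditer(text)
    ]

def summarize(records):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for r in records:
        grouped[(r["source"], r["target"], r["tclass"])].update(r["perms"])
    return {key: sorted(perms) for key, perms in sorted(grouped.items())}

def candidate_rules(summary):
    """Render each group as an allow rule for review, not for blind loading."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in summary.items()]

if __name__ == "__main__":
    records = parse_avc(SAMPLE)
    print("audit events:", sorted({r["event"] for r in records}))
    for rule in candidate_rules(summarize(records)):
        print(rule)
```

All four denials carry the same audit event ID, so they belong to the single system call recorded in the SYSCALL line.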