Re: [Hampshire] Fedora 10 SELinux

Author: John Cooper
Date:  
To: Hampshire LUG Discussion List
Old-Topics: [Hampshire] (no subject)
Subject: Re: [Hampshire] Fedora 10 SELinux
B STEVENS wrote:
> Well I'll go to the bottom of our stairs... I edited /etc/selinux/config
> (to recreate the error message), typed "touch /.autorelabel && reboot"
> and it now works with SELinux set to enforcing.
>
> Anyhoo, here's the error message.
>
> Regards
>
> Bryan
>
> --
>
> Summary
> SELinux is preventing NetworkManager (NetworkManager_t) "search" to
> ./dhclient (dhcpc_state_t).
>
> Allowing Access
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for ./dhclient,
>
> restorecon -v './dhclient'
>
>
> Additional Information
> Source Context: system_u:system_r:NetworkManager_t:s0
> Target Context: system_u:object_r:dhcpc_state_t:s0
> Target Objects: ./dhclient [ dir ]
> Source: NetworkManager
> Source Path: /usr/sbin/NetworkManager
> Port: <Unknown>
> Host: linux.localdomain
> Source RPM Packages: NetworkManager-0.7.0-0.12.svn4326.fc11
> Target RPM Packages:
> Policy RPM: selinux-policy-3.5.13-18.fc10
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Permissive
> Plugin Name: catchall_file
> Host Name: linux.localdomain
> Platform: Linux linux.localdomain 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov
> 18 12:19:59 EST 2008 i686 i686
> Alert Count: 12
> First Seen: Sun 30 Nov 2008 10:37:56 PM GMT
> Last Seen: Tue 02 Dec 2008 08:12:38 AM GMT
> Local ID: d4daa9d1-acc9-4f09-810b-e41e32a4c505
> Line Numbers:
>
> Raw Audit Messages :
> node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc:
> denied { search } for pid=2222 comm="NetworkManager" name="dhclient"
> dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0
> tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
>
> node=linux.localdomain type=SYSCALL msg=audit(1228205558.218:12):
> arch=40000003 syscall=10 success=yes exit=0 a0=9e53790 a1=29 a2=7d9ff4
> a3=9e53790 items=0 ppid=1 pid=2222 auid=4294967295 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="NetworkManager" exe="/usr/sbin/NetworkManager"
> subj=system_u:system_r:NetworkManager_t:s0 key=(null)
>
>

Bryan, my SELinux contexts are different to yours. Check the following
and if different do a restorecon -v '/usr/sbin/NetworkManager' and
restorecon -v '/sbin/dhclient' to see if updated.

$ ls -alZ /usr/sbin/NetworkManager
-rwxr-xr-x root root system_u:object_r:NetworkManager_exec_t:s0 /usr/sbin/NetworkManager
$ which dhclient
/sbin/dhclient
$ ls -alZ /sbin/dhclient
-rwxr-xr-x root root system_u:object_r:dhcpc_exec_t:s0 /sbin/dhclient



--
--------------------------------------------------------------
Discover Linux - Open Source Solutions to Business and Schools
http://discoverlinux.co.uk
--------------------------------------------------------------
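
Added example, not part of the original message or of any Fedora tooling: a small Python parser for the raw audit records quoted above. It pairs the AVC record with its SYSCALL record by audit event ID and pulls out the source and target types that a labeling check would compare. The function names and output field names are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the two raw audit records quoted in the message above,
# with the e-mail quoting and line wrapping undone.
SAMPLE = '''\
node=linux.localdomain type=AVC msg=audit(1228205558.218:12): avc: denied { search } for pid=2222 comm="NetworkManager" name="dhclient" dev=sda3 ino=5021904 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:dhcpc_state_t:s0 tclass=dir
node=linux.localdomain type=SYSCALL msg=audit(1228205558.218:12): arch=40000003 syscall=10 success=yes exit=0 a0=9e53790 a1=29 a2=7d9ff4 a3=9e53790 items=0 ppid=1 pid=2222 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by the event ID (epoch, serial) in msg=audit(...)."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in KV.findall(line[m.end():])}
        p = PERMS.search(line)
        if p:
            fields['result'], fields['perms'] = p.group(1), p.group(2).split()
        key = (int(m.group(2)), int(m.group(3)))
        events.setdefault(key, {})[m.group(1)] = fields
    return events

def summarize(events):
    """One summary per event that contains an AVC record."""
    out = []
    for (epoch, _serial), recs in sorted(events.items()):
        avc, sc = recs.get('AVC'), recs.get('SYSCALL')
        if not avc:
            continue
        out.append({
            'time': datetime.fromtimestamp(epoch, timezone.utc).isoformat(),
            'result': avc['result'], 'perms': avc['perms'],
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2],
            'tclass': avc['tclass'], 'name': avc.get('name'),
            'exe': sc.get('exe') if sc else None,
            # A denied AVC whose syscall still succeeded was logged, not
            # blocked, which is what permissive mode produces.
            'syscall_succeeded': (sc.get('success') == 'yes') if sc else None,
        })
    return out
```

For the quoted records this reports a denied search by NetworkManager_t on a dhcpc_state_t directory with the syscall succeeding, which agrees with the "Enforcing Mode: Permissive" line in the report.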