FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 02-17-2009, 02:43 PM
Antonio Olivares
 
Default network-scripts problem

Dear fellow testers,

I encountered network functions/network-scripts problem

[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
[root@localhost ~]# restorecon -v 'network-scripts'
restorecon: stat error on network-scripts: No such file or directory
[root@localhost ~]# restorecon -v network-scripts
restorecon: stat error on network-scripts: No such file or directory
[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:
lo eth1 eth0
[root@localhost ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C

Got also greeted by selinux alert:


Summary:

SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
(net_conf_t).

Detailed Description:

SELinux denied access requested by dhclient-script. It is not expected that this
access is required by dhclient-script and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for network-scripts,

restorecon -v 'network-scripts'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
Target Context system_ubject_r:net_conf_t
Target Objects network-scripts [ dir ]
Source dhclient-script
Source Path /bin/bash
Port <Unknown>
Host localhost
Source RPM Packages bash-4.0-0.4.rc1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.6-1.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost
Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
Mon Feb 16 21:15:37 EST 2009 i686 athlon
Alert Count 3
First Seen Tue 17 Feb 2009 09:32:55 AM CST
Last Seen Tue 17 Feb 2009 09:33:55 AM CST
Local ID 878e2548-4687-45f0-8115-d40144370614
Line Numbers

Raw Audit Messages

node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_ubject_r:net_conf_t:s0 tclass=dir

node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)


I applied it, but did not work

restorecon -v 'network-scripts'


Regards,

Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-17-2009, 02:43 PM
Antonio Olivares
 
Default network-scripts problem

Dear fellow testers,

I encountered network functions/network-scripts problem

[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
[root@localhost ~]# restorecon -v 'network-scripts'
restorecon: stat error on network-scripts: No such file or directory
[root@localhost ~]# restorecon -v network-scripts
restorecon: stat error on network-scripts: No such file or directory
[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:
lo eth1 eth0
[root@localhost ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C

Got also greeted by selinux alert:


Summary:

SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
(net_conf_t).

Detailed Description:

SELinux denied access requested by dhclient-script. It is not expected that this
access is required by dhclient-script and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for network-scripts,

restorecon -v 'network-scripts'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
Target Context system_ubject_r:net_conf_t
Target Objects network-scripts [ dir ]
Source dhclient-script
Source Path /bin/bash
Port <Unknown>
Host localhost
Source RPM Packages bash-4.0-0.4.rc1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.6-1.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost
Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
Mon Feb 16 21:15:37 EST 2009 i686 athlon
Alert Count 3
First Seen Tue 17 Feb 2009 09:32:55 AM CST
Last Seen Tue 17 Feb 2009 09:33:55 AM CST
Local ID 878e2548-4687-45f0-8115-d40144370614
Line Numbers

Raw Audit Messages

node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_ubject_r:net_conf_t:s0 tclass=dir

node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)


I applied it, but did not work

restorecon -v 'network-scripts'


Regards,

Antonio




--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-17-2009, 04:51 PM
Daniel J Walsh
 
Default network-scripts problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear fellow testers,
>
> I encountered network functions/network-scripts problem
>
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
> [root@localhost ~]# restorecon -v 'network-scripts'
> restorecon: stat error on network-scripts: No such file or directory
> [root@localhost ~]# restorecon -v network-scripts
> restorecon: stat error on network-scripts: No such file or directory
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
> You have new mail in /var/spool/mail/root
> [root@localhost ~]# service network status
> Configured devices:
> lo eth0 eth1
> Currently active devices:
> lo eth1 eth0
> [root@localhost ~]# service network restart
> Shutting down interface eth0: [ OK ]
> Shutting down interface eth1: [ OK ]
> Shutting down loopback interface: [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
> [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
>
> Got also greeted by selinux alert:
>
>
> Summary:
>
> SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
> (net_conf_t).
>
> Detailed Description:
>
> SELinux denied access requested by dhclient-script. It is not expected that this
> access is required by dhclient-script and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for network-scripts,
>
> restorecon -v 'network-scripts'
>
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context system_ubject_r:net_conf_t
> Target Objects network-scripts [ dir ]
> Source dhclient-script
> Source Path /bin/bash
> Port <Unknown>
> Host localhost
> Source RPM Packages bash-4.0-0.4.rc1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-1.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
> Mon Feb 16 21:15:37 EST 2009 i686 athlon
> Alert Count 3
> First Seen Tue 17 Feb 2009 09:32:55 AM CST
> Last Seen Tue 17 Feb 2009 09:33:55 AM CST
> Local ID 878e2548-4687-45f0-8115-d40144370614
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_ubject_r:net_conf_t:s0 tclass=dir
>
> node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>
>
> I applied it, but did not work
>
> restorecon -v 'network-scripts'
>
>
> Regards,
>
> Antonio
>
>
>
>
Grab the latest policy out of koji. this should be fixed.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkma+TgACgkQrlYvE4MpobMAwwCgrvFjzlWpuF EiJvFZRhDWylH3
QMwAn04qBvjj7ThToGU75ckY8+CmgYX5
=X9g3
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-17-2009, 04:51 PM
Daniel J Walsh
 
Default network-scripts problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear fellow testers,
>
> I encountered network functions/network-scripts problem
>
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
> [root@localhost ~]# restorecon -v 'network-scripts'
> restorecon: stat error on network-scripts: No such file or directory
> [root@localhost ~]# restorecon -v network-scripts
> restorecon: stat error on network-scripts: No such file or directory
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
> You have new mail in /var/spool/mail/root
> [root@localhost ~]# service network status
> Configured devices:
> lo eth0 eth1
> Currently active devices:
> lo eth1 eth0
> [root@localhost ~]# service network restart
> Shutting down interface eth0: [ OK ]
> Shutting down interface eth1: [ OK ]
> Shutting down loopback interface: [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
> [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
>
> Got also greeted by selinux alert:
>
>
> Summary:
>
> SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
> (net_conf_t).
>
> Detailed Description:
>
> SELinux denied access requested by dhclient-script. It is not expected that this
> access is required by dhclient-script and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for network-scripts,
>
> restorecon -v 'network-scripts'
>
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context system_ubject_r:net_conf_t
> Target Objects network-scripts [ dir ]
> Source dhclient-script
> Source Path /bin/bash
> Port <Unknown>
> Host localhost
> Source RPM Packages bash-4.0-0.4.rc1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-1.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
> Mon Feb 16 21:15:37 EST 2009 i686 athlon
> Alert Count 3
> First Seen Tue 17 Feb 2009 09:32:55 AM CST
> Last Seen Tue 17 Feb 2009 09:33:55 AM CST
> Local ID 878e2548-4687-45f0-8115-d40144370614
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_ubject_r:net_conf_t:s0 tclass=dir
>
> node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>
>
> I applied it, but did not work
>
> restorecon -v 'network-scripts'
>
>
> Regards,
>
> Antonio
>
>
>
>
Grab the latest policy out of koji. this should be fixed.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkma+TgACgkQrlYvE4MpobMAwwCgrvFjzlWpuF EiJvFZRhDWylH3
QMwAn04qBvjj7ThToGU75ckY8+CmgYX5
=X9g3
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-17-2009, 05:06 PM
Rick Stevens
 
Default network-scripts problem

Daniel J Walsh wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
Dear fellow testers,


I encountered network functions/network-scripts problem

[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
[root@localhost ~]# restorecon -v 'network-scripts'
restorecon: stat error on network-scripts: No such file or directory

[root@localhost ~]# restorecon -v network-scripts
restorecon: stat error on network-scripts: No such file or directory
[root@localhost ~]# dhclient eth0
Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:

lo eth1 eth0
[root@localhost ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
^C

Got also greeted by selinux alert:


Summary:

SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
(net_conf_t).

Detailed Description:

SELinux denied access requested by dhclient-script. It is not expected that this
access is required by dhclient-script and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for network-scripts,

restorecon -v 'network-scripts'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
Target Context system_ubject_r:net_conf_t
Target Objects network-scripts [ dir ]
Source dhclient-script
Source Path /bin/bash
Port <Unknown>
Host localhost
Source RPM Packages bash-4.0-0.4.rc1.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.6-1.fc11

Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost
Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
Mon Feb 16 21:15:37 EST 2009 i686 athlon
Alert Count 3
First Seen Tue 17 Feb 2009 09:32:55 AM CST
Last Seen Tue 17 Feb 2009 09:33:55 AM CST
Local ID 878e2548-4687-45f0-8115-d40144370614
Line Numbers

Raw Audit Messages


node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_ubject_r:net_conf_t:s0 tclass=dir

node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)


I applied it, but did not work

restorecon -v 'network-scripts'


Regards,

Antonio






Grab the latest policy out of koji. this should be fixed.


That's irrelevant if the network-scripts file is missing (which his
error messages indicate).

Antonio, somehow you killed a HUGE part of the network setup stuff.
You'll need to reinstall the initscripts RPM to get it back.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- To err is human. To forgive, a large sum of money is needed. -
----------------------------------------------------------------------

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-17-2009, 07:02 PM
Antonio Olivares
 
Default network-scripts problem

> > Grab the latest policy out of koji. this should be
> fixed.
>
> That's irrelevant if the network-scripts file is
> missing (which his
> error messages indicate).
>
> Antonio, somehow you killed a HUGE part of the network
> setup stuff.
> You'll need to reinstall the initscripts RPM to get it
> back.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer
> ricks@nerd.com -
> - AIM/Skype: therps2 ICQ: 22643734 Yahoo:
> origrps2 -
> -
> -
> - To err is human. To forgive, a large sum of money is
> needed. -
> ----------------------------------------------------------------------
>
> -- fedora-list mailing list

I did not kill it, an update did
I still have connection(manually though assigning IP).

Regards,

Antonio




--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-19-2009, 02:36 PM
Antonio Olivares
 
Default network-scripts problem

--- On Tue, 2/17/09, Antonio Olivares <olivares14031@yahoo.com> wrote:

> From: Antonio Olivares <olivares14031@yahoo.com>
> Subject: network-scripts problem
> To: fedora-list@redhat.com
> Cc: fedora-selinux-list@redhat.com
> Date: Tuesday, February 17, 2009, 7:43 AM
> Dear fellow testers,
>
> I encountered network functions/network-scripts problem
>
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C
>
> [root@localhost ~]# restorecon -v 'network-scripts'
>
> restorecon: stat error on network-scripts: No such file
> or directory
> [root@localhost ~]# restorecon -v network-scripts
> restorecon: stat error on network-scripts: No such file
> or directory
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C
>
> You have new mail in /var/spool/mail/root
>
> [root@localhost ~]# service network status
>
> Configured devices:
>
> lo eth0 eth1
>
> Currently active devices:
> lo eth1 eth0
> [root@localhost ~]# service network restart
> Shutting down interface eth0:
> [ OK ]
> Shutting down interface eth1:
> [ OK ]
> Shutting down loopback interface:
> [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
>
> [ OK ]
> Bringing up loopback interface:
> [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...Missing
> /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
>
> Got also greeted by selinux alert:
>
>
> Summary:
>
> SELinux is preventing dhclient-script (dhcpc_t)
> "search" to network-scripts
> (net_conf_t).
>
> Detailed Description:
>
> SELinux denied access requested by dhclient-script. It is
> not expected that this
> access is required by dhclient-script and this access may
> signal an intrusion
> attempt. It is also possible that the specific version or
> configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You
> could try to restore
> the default system file context for network-scripts,
>
> restorecon -v 'network-scripts'
>
> If this does not work, there is currently no automatic way
> to allow this access.
> Instead, you can generate a local policy module to allow
> this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux protection
> is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context system_ubject_r:net_conf_t
> Target Objects network-scripts [ dir ]
> Source dhclient-script
> Source Path /bin/bash
> Port <Unknown>
> Host localhost
> Source RPM Packages bash-4.0-0.4.rc1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-1.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost
> 2.6.29-0.124.rc5.fc11.i586 #1 SMP
> Mon Feb 16 21:15:37 EST 2009
> i686 athlon
> Alert Count 3
> First Seen Tue 17 Feb 2009 09:32:55 AM
> CST
> Last Seen Tue 17 Feb 2009 09:33:55 AM
> CST
> Local ID
> 878e2548-4687-45f0-8115-d40144370614
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost type=AVC msg=audit(1234884835.408:131): avc:
> denied { search } for pid=11969
> comm="dhclient-script"
> name="network-scripts" dev=dm-0 ino=28344324
> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
> tcontext=system_ubject_r:net_conf_t:s0 tclass=dir
>
> node=localhost type=SYSCALL msg=audit(1234884835.408:131):
> arch=40000003 syscall=195 success=no exit=-13 a0=8463100
> a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968
> pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts1 ses=1
> comm="dhclient-script" exe="/bin/bash"
> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>
>
> I applied it, but did not work
>
> restorecon -v 'network-scripts'
>
>
> Regards,
>
> Antonio
>
>
>
>
> --

The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work , there might be something wrong with the original network scripts , booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot

[root@localhost ~]# rpm -qa initscripts*
initscripts-8.89-1.i386
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:
lo
[root@localhost ~]# service network restart
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...^C
[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 10.128.0.4
nameserver 10.154.16.130
nameserver 10.128.0.129
[root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
[root@localhost ~]# route add default gateway 10.154.19.1

The other two machines use NetworkManager and there are no problems to report there

There is something wrong should I open a bugreport, unless someone has beated me to it

Regards,

Antonio




--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 
Old 02-19-2009, 02:36 PM
Antonio Olivares
 
Default network-scripts problem

--- On Tue, 2/17/09, Antonio Olivares <olivares14031@yahoo.com> wrote:

> From: Antonio Olivares <olivares14031@yahoo.com>
> Subject: network-scripts problem
> To: fedora-list@redhat.com
> Cc: fedora-selinux-list@redhat.com
> Date: Tuesday, February 17, 2009, 7:43 AM
> Dear fellow testers,
>
> I encountered network functions/network-scripts problem
>
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C
>
> [root@localhost ~]# restorecon -v 'network-scripts'
>
> restorecon: stat error on network-scripts: No such file
> or directory
> [root@localhost ~]# restorecon -v network-scripts
> restorecon: stat error on network-scripts: No such file
> or directory
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C
>
> You have new mail in /var/spool/mail/root
>
> [root@localhost ~]# service network status
>
> Configured devices:
>
> lo eth0 eth1
>
> Currently active devices:
> lo eth1 eth0
> [root@localhost ~]# service network restart
> Shutting down interface eth0:
> [ OK ]
> Shutting down interface eth1:
> [ OK ]
> Shutting down loopback interface:
> [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
>
> [ OK ]
> Bringing up loopback interface:
> [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...Missing
> /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
>
> Got also greeted by selinux alert:
>
>
> Summary:
>
> SELinux is preventing dhclient-script (dhcpc_t)
> "search" to network-scripts
> (net_conf_t).
>
> Detailed Description:
>
> SELinux denied access requested by dhclient-script. It is
> not expected that this
> access is required by dhclient-script and this access may
> signal an intrusion
> attempt. It is also possible that the specific version or
> configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You
> could try to restore
> the default system file context for network-scripts,
>
> restorecon -v 'network-scripts'
>
> If this does not work, there is currently no automatic way
> to allow this access.
> Instead, you can generate a local policy module to allow
> this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux protection
> is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context system_ubject_r:net_conf_t
> Target Objects network-scripts [ dir ]
> Source dhclient-script
> Source Path /bin/bash
> Port <Unknown>
> Host localhost
> Source RPM Packages bash-4.0-0.4.rc1.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.6-1.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost
> Platform Linux localhost
> 2.6.29-0.124.rc5.fc11.i586 #1 SMP
> Mon Feb 16 21:15:37 EST 2009
> i686 athlon
> Alert Count 3
> First Seen Tue 17 Feb 2009 09:32:55 AM
> CST
> Last Seen Tue 17 Feb 2009 09:33:55 AM
> CST
> Local ID
> 878e2548-4687-45f0-8115-d40144370614
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost type=AVC msg=audit(1234884835.408:131): avc:
> denied { search } for pid=11969
> comm="dhclient-script"
> name="network-scripts" dev=dm-0 ino=28344324
> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
> tcontext=system_ubject_r:net_conf_t:s0 tclass=dir
>
> node=localhost type=SYSCALL msg=audit(1234884835.408:131):
> arch=40000003 syscall=195 success=no exit=-13 a0=8463100
> a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968
> pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts1 ses=1
> comm="dhclient-script" exe="/bin/bash"
> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>
>
> I applied it, but did not work
>
> restorecon -v 'network-scripts'
>
>
> Regards,
>
> Antonio
>
>
>
>
> --

The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work , there might be something wrong with the original network scripts , booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot

[root@localhost ~]# rpm -qa initscripts*
initscripts-8.89-1.i386
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:
lo
[root@localhost ~]# service network restart
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0:
Determining IP information for eth0...^C
[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 10.128.0.4
nameserver 10.154.16.130
nameserver 10.128.0.129
[root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
[root@localhost ~]# route add default gateway 10.154.19.1

The other two machines use NetworkManager and there are no problems to report there

There is something wrong should I open a bugreport, unless someone has beated me to it

Regards,

Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-20-2009, 03:48 PM
Daniel J Walsh
 
Default network-scripts problem

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
>
>
> --- On Tue, 2/17/09, Antonio Olivares <olivares14031@yahoo.com> wrote:
>
>> From: Antonio Olivares <olivares14031@yahoo.com>
>> Subject: network-scripts problem
>> To: fedora-list@redhat.com
>> Cc: fedora-selinux-list@redhat.com
>> Date: Tuesday, February 17, 2009, 7:43 AM
>> Dear fellow testers,
>>
>> I encountered network functions/network-scripts problem
>>
>> [root@localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> ^C
>>
>> [root@localhost ~]# restorecon -v 'network-scripts'
>>
>> restorecon: stat error on network-scripts: No such file
>> or directory
>> [root@localhost ~]# restorecon -v network-scripts
>> restorecon: stat error on network-scripts: No such file
>> or directory
>> [root@localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions,
>> exiting.
>> ^C
>>
>> You have new mail in /var/spool/mail/root
>>
>> [root@localhost ~]# service network status
>>
>> Configured devices:
>>
>> lo eth0 eth1
>>
>> Currently active devices:
>> lo eth1 eth0
>> [root@localhost ~]# service network restart
>> Shutting down interface eth0:
>> [ OK ]
>> Shutting down interface eth1:
>> [ OK ]
>> Shutting down loopback interface:
>> [ OK ]
>> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
>>
>> [ OK ]
>> Bringing up loopback interface:
>> [ OK ]
>> Bringing up interface eth0:
>> Determining IP information for eth0...Missing
>> /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> Got also greeted by selinux alert:
>>
>>
>> Summary:
>>
>> SELinux is preventing dhclient-script (dhcpc_t)
>> "search" to network-scripts
>> (net_conf_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by dhclient-script. It is
>> not expected that this
>> access is required by dhclient-script and this access may
>> signal an intrusion
>> attempt. It is also possible that the specific version or
>> configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You
>> could try to restore
>> the default system file context for network-scripts,
>>
>> restorecon -v 'network-scripts'
>>
>> If this does not work, there is currently no automatic way
>> to allow this access.
>> Instead, you can generate a local policy module to allow
>> this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
>> Or you can disable
>> SELinux protection altogether. Disabling SELinux protection
>> is not recommended.
>> Please file a bug report
>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context
>> unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
>> Target Context system_ubject_r:net_conf_t
>> Target Objects network-scripts [ dir ]
>> Source dhclient-script
>> Source Path /bin/bash
>> Port <Unknown>
>> Host localhost
>> Source RPM Packages bash-4.0-0.4.rc1.fc11
>> Target RPM Packages
>> Policy RPM selinux-policy-3.6.6-1.fc11
>> Selinux Enabled True
>> Policy Type targeted
>> MLS Enabled True
>> Enforcing Mode Enforcing
>> Plugin Name catchall_file
>> Host Name localhost
>> Platform Linux localhost
>> 2.6.29-0.124.rc5.fc11.i586 #1 SMP
>> Mon Feb 16 21:15:37 EST 2009
>> i686 athlon
>> Alert Count 3
>> First Seen Tue 17 Feb 2009 09:32:55 AM
>> CST
>> Last Seen Tue 17 Feb 2009 09:33:55 AM
>> CST
>> Local ID
>> 878e2548-4687-45f0-8115-d40144370614
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=localhost type=AVC msg=audit(1234884835.408:131): avc:
>> denied { search } for pid=11969
>> comm="dhclient-script"
>> name="network-scripts" dev=dm-0 ino=28344324
>> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
>> tcontext=system_ubject_r:net_conf_t:s0 tclass=dir
>>
>> node=localhost type=SYSCALL msg=audit(1234884835.408:131):
>> arch=40000003 syscall=195 success=no exit=-13 a0=8463100
>> a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968
>> pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>> sgid=0 fsgid=0 tty=pts1 ses=1
>> comm="dhclient-script" exe="/bin/bash"
>> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>>
>> I applied it, but did not work
>>
>> restorecon -v 'network-scripts'
>>
>>
>> Regards,
>>
>> Antonio
>>
>>
>>
>>
>> --
>
> The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work , there might be something wrong with the original network scripts , booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot
>
> [root@localhost ~]# rpm -qa initscripts*
> initscripts-8.89-1.i386
> You have new mail in /var/spool/mail/root
> [root@localhost ~]# service network status
> Configured devices:
> lo eth0 eth1
> Currently active devices:
> lo
> [root@localhost ~]# service network restart
> Shutting down loopback interface: [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
> [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...^C
> [root@localhost ~]# cat /etc/resolv.conf
> ; generated by /sbin/dhclient-script
> nameserver 10.128.0.4
> nameserver 10.154.16.130
> nameserver 10.128.0.129
> [root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
> [root@localhost ~]# route add default gateway 10.154.19.1
>
> The other two machines use NetworkManager and there are no problems to report there
>
> There is something wrong should I open a bugreport, unless someone has beated me to it
>
> Regards,
>
> Antonio
>
>
>
>
Any avc messages?

These is some new labeling in /etc/sysconfig/network-scripts

that is potentially causing the problem.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkme3u8ACgkQrlYvE4MpobOzFACgsjzpw4cnKA g56IUZqHAIx7my
OegAn1bfuInAYjYii2DrWQc32nV+nnLr
=k6jx
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 

Thread Tools




All times are GMT. The time now is 10:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org