03-21-2008, 10:17 PM
Daniel J Walsh

F9 dhcp client cannot backup resolv.conf, nor write ntp.conf

Chuck Anderson wrote:
> It seems the policy needs an update to allow the dhclient-script to
> work properly:
>
> type=1400 audit(1206128117.122:4): avc: denied { write } for
> pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
> ino=26088 scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.122:5): avc: denied { unlink } for
> pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
> ino=26088 scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.252:6): avc: denied { rename } for
> pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.255:7): avc: denied { write } for
> pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.255:8): avc: denied { write } for
> pid=2486 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.256:9): avc: denied { append } for
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:10): avc: denied { append } for
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:11): avc: denied { append } for
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.257:12): avc: denied { append } for
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
> type=1400 audit(1206128117.258:13): avc: denied { append } for
> pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089
> scontext=system_u:system_r:dhcpc_t:s0
> tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
>
>
> # audit2allow -R < audit.log
>
> require {
> type var_run_t;
> type dhcpc_t;
> type hald_acl_t;
> type etc_t;
> class dir write;
> class file { write rename unlink append };
> }
>
> #============= dhcpc_t ==============
> allow dhcpc_t etc_t:file { write rename unlink append };
>
> #============= hald_acl_t ==============
> allow hald_acl_t var_run_t:dir write;
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Someone/thing mislabeled your resolv.conf.

restorecon /etc/resolv.conf

The hald_acl will be fixed tonight. Your policy module is dangerous.
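
The triage step this reply implies, as an added example that is not from the thread or from any SELinux tool: it groups the quoted denials and shows that the generated rule `allow dhcpc_t etc_t:file ...` would cover every file labeled `etc_t`, although only two file names were involved, so the label is the first thing to check. The `BROAD_TYPES` set and the advice strings are assumptions of this example; the sample lines are four of the thread's denials joined onto one line each, with the target context written as `unconfined_u:object_r:etc_t:s0`.

```python
import re
from collections import defaultdict

# Four of the thread's denials, each joined onto one line (sample input).
SAMPLE = """\
type=1400 audit(1206128117.122:4): avc: denied { write } for pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.122:5): avc: denied { unlink } for pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0 ino=26088 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.252:6): avc: denied { rename } for pid=2485 comm="mv" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
type=1400 audit(1206128117.256:9): avc: denied { append } for pid=2434 comm="dhclient-script" name="ntp.conf" dev=dm-0 ino=26089 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
"""

# Assumption of this example: generic types that label many unrelated files.
BROAD_TYPES = {"etc_t", "usr_t", "var_t", "tmp_t", "var_run_t"}
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def ctx_type(context):
    """Type field of user:role:type[:level], or '?' if malformed."""
    return (context.split(":") + ["?"] * 3)[2]

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other line."""
    m = PERMS.search(line)
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if not m or not {"scontext", "tcontext", "tclass"} <= f.keys():
        return None
    return {"perms": set(m.group(1).split()), "name": f.get("name", "?"),
            "source": ctx_type(f["scontext"]),
            "target": ctx_type(f["tcontext"]), "tclass": f["tclass"]}

def triage(log_text):
    """One finding per (source, target, class): the rule and what to do first."""
    groups = defaultdict(lambda: {"perms": set(), "names": set()})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        g = groups[(rec["source"], rec["target"], rec["tclass"])]
        g["perms"] |= rec["perms"]
        g["names"].add(rec["name"])
    findings = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        # A rule on a broad type reaches every file carrying that label.
        advice = "check-label" if tgt in BROAD_TYPES else "review-rule"
        findings.append({"rule": f"allow {src} {tgt}:{cls} {{ {perms} }};",
                         "names": sorted(g["names"]), "advice": advice})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

On the affected host, `restorecon -n -v /etc/resolv.conf` reports what the label would be reset to without changing it.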
 
03-22-2008, 09:15 PM
Chuck Anderson

On Fri, Mar 21, 2008 at 07:17:14PM -0400, Daniel J Walsh wrote:
> Chuck Anderson wrote:
> > It seems the policy needs an update to allow the dhclient-script to
> > work properly:
> >
> > type=1400 audit(1206128117.122:4): avc: denied { write } for
> > pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0

> Someone/thing mislabeled your resolv.conf
>
> restorecon /etc/resolv.conf The hald_acl will be fixed tonight. Your
> policy module is dangerous

This was on the very first boot of a fresh install of rawhide.

 
03-23-2008, 10:36 AM
Daniel J Walsh

Chuck Anderson wrote:
> On Fri, Mar 21, 2008 at 07:17:14PM -0400, Daniel J Walsh wrote:
>> Chuck Anderson wrote:
>>> It seems the policy needs an update to allow the dhclient-script to
>>> work properly:
>>>
>>> type=1400 audit(1206128117.122:4): avc: denied { write } for
>>> pid=2475 comm="cp" name="resolv.conf.predhclient.eth3" dev=dm-0
>
>> Someone/thing mislabeled your resolv.conf
>>
>> restorecon /etc/resolv.conf The hald_acl will be fixed tonight. Your
>> policy module is dangerous
>
> This was on the very first boot of a fresh install of rawhide.
Then rawhide has a bug in the creation of resolv.conf. Please open a
bugzilla, on anaconda and CC me. Did you do anything special in
firstboot? Anything special in your network setup? Please report any
of this info in your bugzilla
 
03-23-2008, 01:52 PM
Chuck Anderson

On Sun, Mar 23, 2008 at 07:36:17AM -0400, Daniel J Walsh wrote:
> > This was on the very first boot of a fresh install of rawhide.

> Then rawhide has a bug in the creation of resolv.conf. Please open a
> bugzilla, on anaconda and CC me. Did you do anything special in
> firstboot? Anything special in your network setup? Please report any
> of this info in your bugzilla

Ok, I'll try to reproduce it with a new reinstall. This was an X-less
install, and I booted into runlevel 3 from grub on the first boot, so
firstboot didn't run. I also noticed that the network service was
turned off, so I started networking manually the first time:

service network start

Perhaps that's why this happened, but I should try it again to be sure
I have the exact steps to reproduce this.
