03-11-2012, 01:09 PM
Steven Stern

Alert from turning off/on wireless

On my (very old) laptop, I turned off the wireless (via the hardware
switch) then turned it back on, generating an alert. This action
should be allowed by the default policy. (Fedora 17)


SELinux is preventing NetworkManager from read access on the file
/etc/sysctl.conf.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that NetworkManager should be allowed read access on
the sysctl.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:system_conf_t:s0
Target Objects /etc/sysctl.conf [ file ]
Source NetworkManager
Source Path NetworkManager
Port <Unknown>
Host sdssony.sterndata.local
Source RPM Packages
Target RPM Packages initscripts-9.35-1.fc17.i686
Policy RPM selinux-policy-3.10.0-95.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name sdssony.sterndata.local
Platform Linux sdssony.sterndata.local
3.3.0-0.rc6.git0.2.fc17.i686.PAE #1 SMP Mon Mar 5
17:02:45 UTC 2012 i686 i686
Alert Count 3
First Seen Sat 10 Mar 2012 05:46:38 PM CST
Last Seen Sun 11 Mar 2012 09:03:09 AM CDT
Local ID dcb10873-6853-4f15-b7ad-98be5dca0afb

Raw Audit Messages
type=AVC msg=audit(1331474589.552:82): avc: denied { read } for
pid=581 comm="NetworkManager" name="sysctl.conf" dev="sda5"
ino=2360124 scontext=system_u:system_r:NetworkManager_t:s0
tcontext=system_u:object_r:system_conf_t:s0 tclass=file


Hash: NetworkManager,NetworkManager_t,system_conf_t,file,read

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
03-12-2012, 09:02 AM
Miroslav Grepl

Alert from turning off/on wireless

Yes, this is a known bug which should be fixed in the latest F17 policy.

http://koji.fedoraproject.org/koji/buildinfo?buildID=305982

