FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 05-25-2008, 02:49 PM
"Marco Guazzone"
 
Default FC9: ADSL for non-root users

Hello everyone!

I've created an xDSL connection with system-config-network.

If I try to connect as non-root user with the command:
$ /sbin/ifup DSL
I got the error message:

--- [snip] ---

pppd does not exist or is not executable
ifup-ppp for ppp0 exiting
--- [/snip] ---

along with the SElinux error:

--- [snip] ---
SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd (pppd_exec_t).

--- [/snip] ---


If instead I execute the same command as root or with sudo all works.

Note:
* in FC8 I was able to connect without root privileges
* Using the adsl-start got no error but has no effect (no connection starts).


Any idea?

Thanks!!

Cheers,

--- Marco

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-25-2008, 03:01 PM
Anne Wilson
 
Default FC9: ADSL for non-root users

On Sunday 25 May 2008 15:49:28 Marco Guazzone wrote:
> Hello everyone!
>
> I've created an xDSL connection with system-config-network.
>
> If I try to connect as non-root user with the command:
> $ /sbin/ifup DSL
> I got the error message:
>
> --- [snip] ---
> pppd does not exist or is not executable
> ifup-ppp for ppp0 exiting
> --- [/snip] ---
>
> along with the SElinux error:
>
> --- [snip] ---
> SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd
> (pppd_exec_t).
> --- [/snip] ---
>
> If instead I execute the same command as root or with sudo all works.
>
> Note:
> * in FC8 I was able to connect without root privileges
> * Using the adsl-start got no error but has no effect (no connection
> starts).
>
Run the troubleshooter with 'sealert -b'. You'll see the same error message
and it will tell you what to do about it.

Anne


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-25-2008, 03:20 PM
"Marco Guazzone"
 
Default FC9: ADSL for non-root users

Hi Anne,

Set SE troubleshootd says to run:

$ restorecon -v '/usr/sbin/pppd'

I've tried but no hope. Same error.

Here below is the detailed SElinux error:

--- [snip] ---
*Summary*

SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd (pppd_exec_t).

*Detailed Description*
SELinux denied access requested by ifup-ppp. It is not expected that this access is required by ifup-ppp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.


*Allowing Access*
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/sbin/pppd,

restorecon -v '/usr/sbin/pppd'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.


*Additional Information*
Source Context:**unconfined_u:unconfined_r:usernetctl_t:s 0-s0:c0.c1023
Target Context:**system_ubject_rppd_exec_t:s0
Target Objects:**/usr/sbin/pppd [ file ]
Source:**ifup-ppp

Source Path:**/bin/bash
Port:**<Unknown>
Host:**backtrack
Source RPM Packages:**bash-3.2-22.fc9
Target RPM Packages:**ppp-2.4.4-7.fc9
Policy RPM:**selinux-policy-3.3.1-51.fc9
Selinux Enabled:**True

Policy Type:**targeted
MLS Enabled:**True
Enforcing Mode:**Enforcing
Plugin Name:**catchall_file
Host Name:**backtrack
Platform:**Linux backtrack 2.6.25.3-18.fc9.x86_64 #1 SMP Tue May 13 04:54:47 EDT 2008 x86_64 x86_64

Alert Count:**5
First Seen:**Sat 24 May 2008 09:34:44 AM CEST
Last Seen:**Sun 25 May 2008 05:12:11 PM CEST
Local ID:**2d7c3d51-e43f-4791-b453-3d32e6239030
Line Numbers:*
Raw Audit Messages :
* host=backtrack type=AVC msg=audit(1211728331.28:175): avc: denied { getattr } for pid=25519 comm="ifup-ppp" path="/usr/sbin/pppd" dev=sda5 ino=19009 scontext=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023 tcontext=system_ubject_rppd_exec_t:s0 tclass=file

* host=backtrack type=SYSCALL msg=audit(1211728331.28:175): arch=c000003e syscall=4 success=no exit=-13 a0=16a40a0 a1=7fff2f3aea90 a2=7fff2f3aea90 a3=8 items=0 ppid=20794 pid=25519 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 ses=1 comm="ifup-ppp" exe="/bin/bash" subj=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023 key=(null)

--- [/snip] ---

And this is my ifcfg-DSL script:
--- [snip] ---
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=xDSL
DEVICE=ppp0
BOOTPROTO=dialup

USERCTL=yes
PEERDNS=yes
IPV6INIT=no
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
PERSIST=no

SYNCHRONOUS=no
DEFROUTE=yes
USER='xxx@xxx.xxx'
ETH=eth0
PROVIDER=DSL
DEMAND=no
NM_CONTROLLED=no
>--- [/snip] ---

Thanks!!

-- Marco

2008/5/25 Anne Wilson <cannewilson@googlemail.com>:

On Sunday 25 May 2008 15:49:28 Marco Guazzone wrote:


> Hello everyone!

>

> I've created an xDSL connection with system-config-network.

>

> If I try to connect as non-root user with the command:

> $ /sbin/ifup DSL

> I got the error message:

>

> --- [snip] ---

> pppd does not exist or is not executable

> ifup-ppp for ppp0 exiting

> --- [/snip] ---

>

> along with the SElinux error:

>

> --- [snip] ---

> SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd

> (pppd_exec_t).

> --- [/snip] ---

>

> If instead I execute the same command as root or with sudo all works.

>

> Note:

> * in FC8 I was able to connect without root privileges

> * Using the adsl-start got no error but has no effect (no connection

> starts).

>

Run the troubleshooter with 'sealert -b'. *You'll see the same error message

and it will tell you what to do about it.



Anne






--

fedora-list mailing list

fedora-list@redhat.com

To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 05-25-2008, 04:26 PM
Anne Wilson
 
Default FC9: ADSL for non-root users

On Sunday 25 May 2008 16:20:53 Marco Guazzone wrote:
> Hi Anne,
>
Hi, Marco. Please don't top-post. It upsets a lot of people, and, more
importantly, makes threads difficult to follow.

> Set SE troubleshootd says to run:
>
> $ restorecon -v '/usr/sbin/pppd'
>
> I've tried but no hope. Same error.
>
> Here below is the detailed SElinux error:
>
> --- [snip] ---
> *Summary*
> SELinux is preventing ifup-ppp (usernetctl_t) "getattr" to /usr/sbin/pppd
> (pppd_exec_t).
>
> *Detailed Description*
> SELinux denied access requested by ifup-ppp. It is not expected that this
> access is required by ifup-ppp and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> *Allowing Access*
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for /usr/sbin/pppd,
>
> restorecon -v '/usr/sbin/pppd'
>
> If this does not work, there is currently no automatic way to allow this
> access. Instead, you can generate a local policy module to allow this
> access - see FAQ Or you can disable SELinux protection altogether.
> Disabling SELinux protection is not recommended. Please file a bug report
> against this package.
>
> *Additional Information*
> Source Context: unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> Target Context: system_ubject_rppd_exec_t:s0
> Target Objects: /usr/sbin/pppd [ file ]
> Source: ifup-ppp
> Source Path: /bin/bash
> Port: <Unknown>
> Host: backtrack
> Source RPM Packages: bash-3.2-22.fc9
> Target RPM Packages: ppp-2.4.4-7.fc9
> Policy RPM: selinux-policy-3.3.1-51.fc9
> Selinux Enabled: True
> Policy Type: targeted
> MLS Enabled: True
> Enforcing Mode: Enforcing
> Plugin Name: catchall_file
> Host Name: backtrack
> Platform: Linux backtrack 2.6.25.3-18.fc9.x86_64 #1 SMP Tue May 13
> 04:54:47 EDT 2008 x86_64 x86_64
> Alert Count: 5
> First Seen: Sat 24 May 2008 09:34:44 AM CEST
> Last Seen: Sun 25 May 2008 05:12:11 PM CEST
> Local ID: 2d7c3d51-e43f-4791-b453-3d32e6239030
> Line Numbers:
> Raw Audit Messages :
> host=backtrack type=AVC msg=audit(1211728331.28:175): avc: denied {
> getattr } for pid=25519 comm="ifup-ppp" path="/usr/sbin/pppd" dev=sda5
> ino=19009 scontext=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> tcontext=system_ubject_rppd_exec_t:s0 tclass=file
> host=backtrack type=SYSCALL msg=audit(1211728331.28:175): arch=c000003e
> syscall=4 success=no exit=-13 a0=16a40a0 a1=7fff2f3aea90 a2=7fff2f3aea90
> a3=8 items=0 ppid=20794 pid=25519 auid=500 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts7 ses=1 comm="ifup-ppp"
> exe="/bin/bash" subj=unconfined_u:unconfined_r:usernetctl_t:s0-s0:c0.c1023
> key=(null) --- [/snip] ---
>
> And this is my ifcfg-DSL script:
> --- [snip] ---
> # Please read /usr/share/doc/initscripts-*/sysconfig.txt
> # for the documentation of these parameters.
> TYPE=xDSL
> DEVICE=ppp0
> BOOTPROTO=dialup
> USERCTL=yes
> PEERDNS=yes
> IPV6INIT=no
> PIDFILE=/var/run/pppoe-adsl.pid
> FIREWALL=NONE
> PING=.
> PPPOE_TIMEOUT=80
> LCP_FAILURE=3
> LCP_INTERVAL=20
> CLAMPMSS=1412
> CONNECT_POLL=6
> CONNECT_TIMEOUT=60
> PERSIST=no
> SYNCHRONOUS=no
> DEFROUTE=yes
> USER='xxx@xxx.xxx'
> ETH=eth0
> PROVIDER=DSL
> DEMAND=no
> NM_CONTROLLED=no
> ONBOOT=no
> --- [/snip] ---
>
Your best bet, then, is to file a bug report. You should get a response
pretty quickly.

Anne
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 09:51 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org