AVCs on bringing up a network device via hotplug.

Aleksey Nogin <aleksey@xxxxxxxxx> · Thu, 11 Mar 2004 07:38:40 -0800



audit(1079019200.094:0): avc:  denied  { net_admin } for  pid=18206 
exe=/sbin/nameif capability=12 scontext=system_u:system_r:hotplug_t 
tcontext=system_u:system_r:hotplug_t tclass=capability

audit(1079019200.519:0): avc:  denied  { getattr } for  pid=18144 
exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943 
scontext=system_u:system_r:hotplug_t 
tcontext=system_u:object_r:dhcp_etc_t tclass=file

audit(1079019200.521:0): avc:  denied  { write } for  pid=18221 
exe=/bin/bash name=etc dev=hda2 ino=228929 
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t 
tclass=dir

audit(1079019200.521:0): avc:  denied  { add_name } for  pid=18221 
exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew 
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t 
tclass=dir

audit(1079019200.521:0): avc:  denied  { create } for  pid=18221 
exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew 
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t 
tclass=file

audit(1079019200.541:0): avc:  denied  { read } for  pid=18221 
exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943 
scontext=system_u:system_r:hotplug_t 
tcontext=system_u:object_r:dhcp_etc_t tclass=file

audit(1079019200.542:0): avc:  denied  { search } for  pid=17337 
exe=/usr/bin/fam name=sys dev= ino=4120 
scontext=system_u:system_r:inetd_child_t 
tcontext=system_u:object_r:sysctl_t tclass=dir

audit(1079019200.542:0): avc:  denied  { getattr } for  pid=17337 
exe=/usr/bin/fam path=/etc/mtab dev=hda2 ino=229229 
scontext=system_u:system_r:inetd_child_t 
tcontext=system_u:object_r:etc_runtime_t tclass=file

audit(1079019200.572:0): avc:  denied  { write } for  pid=18221 
exe=/bin/grep path=/etc/dhclient-wvlan0.conf.ifupnew dev=hda2 
ino=2191270 scontext=system_u:system_r:hotplug_t 
tcontext=system_u:object_r:etc_t tclass=file

audit(1079019200.574:0): avc:  denied  { write } for  pid=18222 
exe=/bin/bash name=dhclient.conf dev=hda2 ino=231943 
scontext=system_u:system_r:hotplug_t 
tcontext=system_u:object_r:dhcp_etc_t tclass=file

audit(1079019200.580:0): avc:  denied  { remove_name } for  pid=18223 
exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t 
tclass=dir

audit(1079019200.580:0): avc:  denied  { unlink } for  pid=18223 
exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t 
tclass=file

audit(1079019200.778:0): avc:  denied  { dac_override } for  pid=18241 
exe=/bin/bash capability=1 scontext=system_u:system_r:dhcpc_t 
tcontext=system_u:system_r:dhcpc_t tclass=capability

audit(1079019203.873:0): avc:  denied  { fsetid } for  pid=18339 
exe=/bin/chmod capability=4 scontext=system_u:system_r:dhcpc_t 
tcontext=system_u:system_r:dhcpc_t tclass=capability


% ls --context /etc/dhclient*

-rw-r--r--+ root     root     system_u:object_r:dhcp_etc_t 
/etc/dhclient.conf

lrwxrwxrwx  root     root     system_u:object_r:etc_t 
/etc/dhclient-eth0.conf -> dhclient.conf

lrwxrwxrwx  root     root     system_u:object_r:etc_t 
/etc/dhclient-wvlan0.conf -> dhclient.conf


--
Aleksey Nogin


Home Page: http://nogin.org/
E-Mail: nogin@xxxxxxxxxxxxxx (office), aleksey@xxxxxxxxx (personal)
Office: Jorgensen 70, tel: (626) 395-2907