USERCTL=yes - ifup by non-privileged user AVCs.


 



I have USERCTL=yes in my /etc/sysconfig/network-scripts/ifcfg-wvlan0 and I run "ifup wvlan0" as a non-privileged user. Of course, this generates a long list of AVC messages. Should there be some special policy provisions for usernetctl?

security_compute_sid: invalid context user_u:user_r:insmod_t for scontext=user_u:user_r:user_t tcontext=system_u:object_r:insmod_exec_t tclass=process
audit(1079121920.219:0): avc: denied { read write } for pid=1123 exe=/sbin/insmod path=/dev/pts/9 dev= ino=11 scontext=user_u:user_r:insmod_t tcontext=user_u:object_r:user_devpts_t tclass=chr_file
audit(1079121920.231:0): avc: denied { getattr } for pid=1046 exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079121920.233:0): avc: denied { create } for pid=1124 exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew scontext=user_u:user_r:user_t tcontext=user_u:object_r:etc_t tclass=file
audit(1079121920.234:0): avc: denied { getattr } for pid=17337 exe=/usr/bin/fam path=/etc/mtab dev=hda2 ino=229229 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1079121920.237:0): avc: denied { read } for pid=1124 exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079121920.254:0): avc: denied { write } for pid=1124 exe=/bin/grep path=/etc/dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 scontext=user_u:user_r:user_t tcontext=user_u:object_r:etc_t tclass=file
audit(1079121920.259:0): avc: denied { write } for pid=1125 exe=/bin/bash name=dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079121920.268:0): avc: denied { unlink } for pid=1126 exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 scontext=user_u:user_r:user_t tcontext=user_u:object_r:etc_t tclass=file
audit(1079121920.421:0): avc: denied { search } for pid=1144 exe=/sbin/dhclient name=dhcp dev=hda2 ino=1815097 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_state_t tclass=dir
audit(1079121920.422:0): avc: denied { read } for pid=1144 exe=/sbin/dhclient name=dhclient-wvlan0.leases dev=hda2 ino=1815259 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_state_t tclass=file
audit(1079121920.422:0): avc: denied { write } for pid=1144 exe=/sbin/dhclient name=dhclient-wvlan0.leases dev=hda2 ino=1815259 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_state_t tclass=file
audit(1079121920.442:0): avc: denied { getattr } for pid=1144 exe=/sbin/dhclient path=/var/lib/dhcp/dhclient-wvlan0.leases dev=hda2 ino=1815259 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_state_t tclass=file
wvlan0: New link status: Connected (0001)
audit(1079121921.923:0): avc: denied { create } for pid=1144 exe=/sbin/dhclient scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121921.923:0): avc: denied { bind } for pid=1144 exe=/sbin/dhclient scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121921.928:0): avc: denied { setopt } for pid=1144 exe=/sbin/dhclient scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121921.928:0): avc: denied { name_bind } for pid=1144 exe=/sbin/dhclient src=68 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_port_t tclass=udp_socket
audit(1079121921.929:0): avc: denied { write } for pid=1144 exe=/sbin/dhclient scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121922.935:0): avc: denied { read } for pid=1144 exe=/sbin/dhclient path=socket:[5287768] dev= ino=5287768 scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121923.662:0): avc: denied { write } for pid=1247 exe=/sbin/dhclient name=dhclient-wvlan0.pid dev=hda2 ino=179909 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_var_run_t tclass=file


--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin@xxxxxxxxxxxxxx (office), aleksey@xxxxxxxxx (personal)
Office: Jorgensen 70, tel: (626) 395-2907
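
Added example, not part of the original post: a small Python parser that groups denials like the ones above by source type, target type and class, and reports which domain each executable was denied in. The sample lines are copied from the post; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the log in the post above (one non-AVC kernel line included).
SAMPLE_LOG = """\
audit(1079121920.219:0): avc: denied { read write } for pid=1123 exe=/sbin/insmod path=/dev/pts/9 dev= ino=11 scontext=user_u:user_r:insmod_t tcontext=user_u:object_r:user_devpts_t tclass=chr_file
audit(1079121920.231:0): avc: denied { getattr } for pid=1046 exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079121920.237:0): avc: denied { read } for pid=1124 exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079121920.259:0): avc: denied { write } for pid=1125 exe=/bin/bash name=dhclient.conf dev=hda2 ino=231943 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
wvlan0: New link status: Connected (0001)
audit(1079121921.923:0): avc: denied { create } for pid=1144 exe=/sbin/dhclient scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t tclass=packet_socket
audit(1079121921.928:0): avc: denied { name_bind } for pid=1144 exe=/sbin/dhclient src=68 scontext=user_u:user_r:user_t tcontext=system_u:object_r:dhcpc_port_t tclass=udp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Parse one 'avc: denied' line into a dict; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = m.group(1).split()
    return rec

def ctx_type(context):
    """Type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Map (source type, target type, class) -> sorted denied permissions."""
    groups = defaultdict(set)
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]), rec["tclass"])
        groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def domains_by_exe(log_text):
    """Map each exe to the set of source types (domains) it was denied in."""
    out = defaultdict(set)
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        out[rec.get("exe", "?")].add(ctx_type(rec["scontext"]))
    return dict(out)

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```

On these lines, bash, grep and dhclient are all denied with source type user_t, while insmod is the only executable that appears with a different source type (insmod_t).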


