Re: vmware/vmnet:

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tom London wrote:

Running targeted/enforcing, latest rawhide.

Notice the following AVC generated by VMware init sequence:
Mar 30 06:33:35 localhost kernel: audit(1112193215.505:0): avc: denied { search } for pid=3690 exe=/sbin/ifconfig name=net dev=sysfs
ino=225 scontext=user_u:system_r:ifconfig_t
tcontext=system_u:object_r:sysfs_t tclass=dir
Mar 30 06:33:35 localhost kernel: vmnet8: failed sysfs registration (-13)

This seems to imply:
allow ifconfig_t sysfs_t:dir search;

ifconfig.te has
domain_auto_trans(initrc_t, ifconfig_exec_t, ifconfig_t)

So, should ifconfig_t be allowed the same access to sysfs_t as initrc_t, such as
r_dir_file(ifconfig_t, sysfs_t)

thanks,
tom


Not sure that it needs this. Have you tried to allow it and seen if it gets more AVC messages?
Or attempted to setenforce 0 to see if it asks for others.

Dan

--


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux