Re: a few more problem with the latest policy

[Farkas Levente <lfarkas@xxxxxxxxx>]

Daniel J Walsh wrote:
> Farkas Levente wrote:
>
> > hi,
> > a few problem with the latest policy file.
> > allow dhcpc_t etc_t:file { unlink write };
>
>
> restorecon /etc/resolv.conf*

there is a few more strange thing. first of all there is no restorecon, 
os i install policycoreutils (but it cna be another bug since how is it 
possible that policycoreutils is not among the required packages?) 
anyway this do not change anything so probaly this won't solve the problem:
-----------------------------------------
[root@eagle ~]# ls -aZ /etc/resolv.conf*
-rw-rw-r--  root     root 
/etc/resolv.conf
-rw-rw-r--  root     root     user_u:object_r:file_t 
/etc/resolv.conf.bak
-rw-rw-r--  root     root     user_u:object_r:file_t 
/etc/resolv.conf.predhclient
[root@eagle ~]# restorecon /etc/resolv.conf*
[root@eagle ~]# ls -aZ /etc/resolv.conf*
-rw-rw-r--  root     root 
/etc/resolv.conf
-rw-rw-r--  root     root     user_u:object_r:file_t 
/etc/resolv.conf.bak
-rw-rw-r--  root     root     user_u:object_r:file_t 
/etc/resolv.conf.predhclient
-----------------------------------------

> > allow ifconfig_t initrc_t:udp_socket { read write };
>
>
> No idea what is causing this.

when i got it i issue an ifdown eth0; ifup eth0 and from the log file it 
seems there is an awk somewhere in ifdown of ifup...

> > ------------------------------------------
> > and here is the relevant part of the log file
> > ------------------------------------------
> > audit(1121423510.841:2): avc:  denied  { read write } for  pid=2215 
> > comm="ip" name="[6542]" dev=sockfs ino=6542 
> > scontext=system_u:system_r:ifconfig_t 
> > tcontext=system_u:system_r:initrc_t tclass=udp_socket
> > audit(1121423510.846:3): avc:  denied  { read write } for  pid=2218 
> > comm="ip" name="[6542]" dev=sockfs ino=6542 
> > scontext=system_u:system_r:ifconfig_t 
> > tcontext=system_u:system_r:initrc_t tclass=udp_socket
> > audit(1121423655.473:4): avc:  denied  { write } for  pid=2888 
> > comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
> > scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> > audit(1121423655.473:5): avc:  denied  { unlink } for  pid=2888 
> > comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
> > scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> > audit(1121423736.907:6): avc:  denied  { ioctl } for  pid=2982 
> > comm="awk" name="state" dev=proc ino=-268434831 
> > scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t 
> > tclass=file
> > ------------------------------------------
> > yours.


--
  Levente                               "Si vis pacem para bellum!"

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list