Re: a few more problem with the latest policy

[Farkas Levente <lfarkas@xxxxxxxxx>]

Farkas Levente wrote:
> Daniel J Walsh wrote:
>
> > Farkas Levente wrote:
> >
> > > hi,
> > > a few problem with the latest policy file.
> > > allow dhcpc_t etc_t:file { unlink write };
> >
> >
> >
> > restorecon /etc/resolv.conf*
>
>
> there is a few more strange thing. first of all there is no restorecon, 
> os i install policycoreutils (but it cna be another bug since how is it 
> possible that policycoreutils is not among the required packages?) 
> anyway this do not change anything so probaly this won't solve the problem:
> -----------------------------------------
> [root@eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r--  root     root /etc/resolv.conf
> -rw-rw-r--  root     root     user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r--  root     root     user_u:object_r:file_t 
> /etc/resolv.conf.predhclient
> [root@eagle ~]# restorecon /etc/resolv.conf*
> [root@eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r--  root     root /etc/resolv.conf
> -rw-rw-r--  root     root     user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r--  root     root     user_u:object_r:file_t 
> /etc/resolv.conf.predhclient
> -----------------------------------------

forget about this part (this was on an other machine:-()

> > > allow ifconfig_t initrc_t:udp_socket { read write };
> >
> >
> >
> > No idea what is causing this.
>
>
> when i got it i issue an ifdown eth0; ifup eth0 and from the log file it 
> seems there is an awk somewhere in ifdown of ifup...
>
> > > ------------------------------------------
> > > and here is the relevant part of the log file
> > > ------------------------------------------
> > > audit(1121423510.841:2): avc:  denied  { read write } for  pid=2215 
> > > comm="ip" name="[6542]" dev=sockfs ino=6542 
> > > scontext=system_u:system_r:ifconfig_t 
> > > tcontext=system_u:system_r:initrc_t tclass=udp_socket
> > > audit(1121423510.846:3): avc:  denied  { read write } for  pid=2218 
> > > comm="ip" name="[6542]" dev=sockfs ino=6542 
> > > scontext=system_u:system_r:ifconfig_t 
> > > tcontext=system_u:system_r:initrc_t tclass=udp_socket
> > > audit(1121423655.473:4): avc:  denied  { write } for  pid=2888 
> > > comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
> > > scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> > > audit(1121423655.473:5): avc:  denied  { unlink } for  pid=2888 
> > > comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
> > > scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> > > audit(1121423736.907:6): avc:  denied  { ioctl } for  pid=2982 
> > > comm="awk" name="state" dev=proc ino=-268434831 
> > > scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t 
> > > tclass=file
> > > ------------------------------------------
> > > yours.


--
  Levente                               "Si vis pacem para bellum!"

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list