Running latest Rawhide, targeted policy.

In enforcing mode, NetworkManager (i.e., nm-applet) doesn't 'see' my wireless stuff. After rebooting in permissive mode, NetworkManager now 'sees' the wireless networks.

In enforcing mode, I get this:

#============= system_dbusd_t ==============
allow system_dbusd_t lib_t:file execute_no_trans;

In permissive mode, I get the following AVCs:

#============= NetworkManager_t ==============
allow NetworkManager_t system_dbusd_t:netlink_selinux_socket { read write };
allow NetworkManager_t var_log_t:dir { write search add_name };
allow NetworkManager_t var_log_t:file { create getattr };

#============= system_dbusd_t ==============
allow system_dbusd_t lib_t:file execute_no_trans;

I attach both audit logs: the enforcing-mode log first (there the dbus-daemon execve of /lib/dbus-1/dbus-daemon-launch-helper fails with exit=-13), then the permissive-mode log (there the same denials are logged but the syscalls succeed).

tom
--
Tom London
type=DAEMON_START msg=audit(1190485128.551:4925): auditd start, ver=1.6.1, format=raw, auid=4294967295 pid=2972 res=success, auditd pid=2972 type=CONFIG_CHANGE msg=audit(1190485128.651:5): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1190485128.651:6): audit_enabled=1 old=0 by auid=4294967295 res=1 type=CONFIG_CHANGE msg=audit(1190485128.691:7): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1190485128.691:8): audit_backlog_limit=320 old=64 by auid=4294967295 res=1 type=LABEL_LEVEL_CHANGE msg=audit(1190485142.003:9): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP4250 uri=hp:/net/hp_LaserJet_4250?ip=10.10.2.42 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.178:10): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP5MP uri=hp:/par/HP_LaserJet_5MP?device=/dev/parport0 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.200:11): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_laserjet_1300 uri=usb://HP/hp%20LaserJet%201300 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.282:12): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_LaserJet_1300_USB_1 uri=usb://HP/LaserJet%201300 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? 
res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.304:13): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=SavinColor uri=ipp://10.10.3.47/ipp/ banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.350:14): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Innopath uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485142.351:15): user pid=3572 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Local uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=AVC msg=audit(1190485165.723:16): avc: denied { execute_no_trans } for pid=4664 comm="dbus-daemon" path="/lib/dbus-1/dbus-daemon-launch-helper" dev=dm-0 ino=7214955 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file type=SYSCALL msg=audit(1190485165.723:16): arch=40000003 syscall=11 success=no exit=-13 a0=8f19510 a1=8f18c90 a2=8f196c0 a3=8f19350 items=0 ppid=4662 pid=4664 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null) type=USER_AUTH msg=audit(1190485194.775:17): user pid=4902 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=USER_ACCT msg=audit(1190485194.821:18): user pid=4902 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 
res=success)' type=CRED_ACQ msg=audit(1190485194.823:19): user pid=4902 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=LOGIN msg=audit(1190485194.827:20): login pid=4902 uid=0 old auid=4294967295 new auid=500 type=USER_ROLE_CHANGE msg=audit(1190485194.880:21): user pid=4902 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=system_u:system_r:unconfined_t:s0 selected-context=system_u:system_r:unconfined_t:s0: exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=? res=success)' type=USER_START msg=audit(1190485194.881:22): user pid=4902 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=USER_LOGIN msg=audit(1190485194.882:23): user pid=4902 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)' type=USER_AUTH msg=audit(1190485306.649:24): user pid=5441 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:authentication acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=USER_ACCT msg=audit(1190485306.659:25): user pid=5441 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:accounting acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=USER_START msg=audit(1190485306.783:26): user pid=5441 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:session_open acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=CRED_ACQ msg=audit(1190485306.784:27): user pid=5441 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:setcred acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
type=DAEMON_START msg=audit(1190485661.793:7122): auditd start, ver=1.6.1, format=raw, auid=4294967295 pid=2403 res=success, auditd pid=2403 type=CONFIG_CHANGE msg=audit(1190485661.894:4): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1190485661.894:5): audit_enabled=1 old=0 by auid=4294967295 res=1 type=CONFIG_CHANGE msg=audit(1190485661.936:6): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1190485661.936:7): audit_backlog_limit=320 old=64 by auid=4294967295 res=1 type=LABEL_LEVEL_CHANGE msg=audit(1190485675.115:8): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP4250 uri=hp:/net/hp_LaserJet_4250?ip=10.10.2.42 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.312:9): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP5MP uri=hp:/par/HP_LaserJet_5MP?device=/dev/parport0 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.333:10): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_laserjet_1300 uri=usb://HP/hp%20LaserJet%201300 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.427:11): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_LaserJet_1300_USB_1 uri=usb://HP/LaserJet%201300 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? 
res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.460:12): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=SavinColor uri=ipp://10.10.3.47/ipp/ banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.562:13): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Innopath uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=LABEL_LEVEL_CHANGE msg=audit(1190485675.563:14): user pid=2623 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Local uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)' type=AVC msg=audit(1190485697.487:15): avc: denied { execute_no_trans } for pid=3002 comm="dbus-daemon" path="/lib/dbus-1/dbus-daemon-launch-helper" dev=dm-0 ino=7214955 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file type=SYSCALL msg=audit(1190485697.487:15): arch=40000003 syscall=11 success=yes exit=0 a0=8a464f8 a1=8a46470 a2=8a46680 a3=8a460e0 items=0 ppid=3001 pid=3002 auid=4294967295 uid=81 gid=81 euid=0 suid=0 fsuid=0 egid=81 sgid=81 fsgid=81 tty=(none) comm="dbus-daemon-lau" exe="/lib/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0 key=(null) type=AVC msg=audit(1190485697.595:16): avc: denied { read write } for pid=3002 comm="wpa_supplicant" path="socket:[8510]" dev=sockfs ino=8510 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=netlink_selinux_socket type=SYSCALL msg=audit(1190485697.595:16): arch=40000003 syscall=11 success=yes exit=0 a0=93d5fd8 a1=93d55f8 a2=93d5008 a3=2a7974 items=0 ppid=3001 pid=3002 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(1190485698.055:17): avc: denied { search } for pid=3002 comm="wpa_supplicant" name="log" dev=dm-0 ino=65563 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1190485698.055:17): avc: denied { write } for pid=3002 comm="wpa_supplicant" name="log" dev=dm-0 ino=65563 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1190485698.055:17): avc: denied { add_name } for pid=3002 comm="wpa_supplicant" name="wpa_supplicant.log" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir type=AVC msg=audit(1190485698.055:17): avc: denied { create } for pid=3002 comm="wpa_supplicant" name="wpa_supplicant.log" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file type=SYSCALL msg=audit(1190485698.055:17): arch=40000003 syscall=5 success=yes exit=3 a0=80880e5 a1=441 a2=1b6 a3=8eae520 items=0 ppid=3001 pid=3002 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(1190485698.056:18): avc: denied { getattr } for pid=3002 comm="wpa_supplicant" path="/var/log/wpa_supplicant.log" dev=dm-0 ino=66102 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file type=SYSCALL msg=audit(1190485698.056:18): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfdaae64 a2=43cff4 a3=8eae520 items=0 ppid=3001 pid=3002 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" 
subj=system_u:system_r:NetworkManager_t:s0 key=(null) type=USER_AUTH msg=audit(1190485729.561:19): user pid=3133 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=USER_ACCT msg=audit(1190485729.610:20): user pid=3133 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=CRED_ACQ msg=audit(1190485729.612:21): user pid=3133 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=LOGIN msg=audit(1190485729.616:22): login pid=3133 uid=0 old auid=4294967295 new auid=500 type=USER_ROLE_CHANGE msg=audit(1190485729.659:23): user pid=3133 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=system_u:system_r:unconfined_t:s0 selected-context=system_u:system_r:unconfined_t:s0: exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=? 
res=success)' type=USER_START msg=audit(1190485729.660:24): user pid=3133 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)' type=USER_LOGIN msg=audit(1190485729.662:25): user pid=3133 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)' type=USER_AUTH msg=audit(1190486046.200:26): user pid=3652 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:authentication acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=USER_ACCT msg=audit(1190486046.206:27): user pid=3652 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:accounting acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=USER_START msg=audit(1190486046.496:28): user pid=3652 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:session_open acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)' type=CRED_ACQ msg=audit(1190486046.496:29): user pid=3652 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:setcred acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'