Rawhide: SELinux is preventing dhclient-script (dhcpc_t) "getattr"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Summary:

SELinux is preventing dhclient-script (dhcpc_t) "getattr" to
/etc/sysconfig/network-scripts (net_conf_t).

Detailed Description:

SELinux denied access requested by dhclient-script. It is not expected that this
access is required by dhclient-script and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /etc/sysconfig/network-scripts,

restorecon -v '/etc/sysconfig/network-scripts'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
Target Context                system_u:object_r:net_conf_t:s0
Target Objects                /etc/sysconfig/network-scripts [ dir ]
Source                        dhclient-script
Source Path                   /bin/bash
Port                          <Unknown>
Host                          torrent01.frankly3d.local
Source RPM Packages           bash-4.0-0.4.rc1.fc11
Target RPM Packages           initscripts-8.89-1
Policy RPM                    selinux-policy-3.6.6-1.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     torrent01.frankly3d.local
Platform                      Linux torrent01.frankly3d.local
                              2.6.29-0.124.rc5.fc11.i586 #1 SMP Mon Feb 16
                              21:15:37 EST 2009 i686 i686
Alert Count                   22
First Seen                    Wed 18 Feb 2009 18:27:50 GMT
Last Seen                     Wed 18 Feb 2009 18:28:10 GMT
Local ID                      b0b1e5b5-49b2-4163-8d84-e7f08502aacb
Line Numbers

Raw Audit Messages

node=torrent01.frankly3d.local type=AVC msg=audit(1234981690.326:167):
avc:  denied  { getattr } for  pid=31049 comm="dhclient-script"
path="/etc/sysconfig/network-scripts" dev=dm-3 ino=54
scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
tcontext=system_u:object_r:net_conf_t:s0 tclass=dir

node=torrent01.frankly3d.local type=SYSCALL
msg=audit(1234981690.326:167): arch=40000003 syscall=195 success=no
exit=-13 a0=80e653b a1=bfcb8e2c a2=6dfff4 a3=8a147e8 items=0
ppid=31032 pid=31049 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 ses=1 comm="dhclient-script" exe="/bin/bash"
subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)


------------------
I have run an audit2allow against this.  But figured I should post anyway.

-- 
aMSN: Frankly3D

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux