Re: network-scripts problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





--- On Tue, 2/17/09, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:

> From: Antonio Olivares <olivares14031@xxxxxxxxx>
> Subject: network-scripts problem
> To: fedora-list@xxxxxxxxxx
> Cc: fedora-selinux-list@xxxxxxxxxx
> Date: Tuesday, February 17, 2009, 7:43 AM
> Dear fellow testers, 
> 
> I encountered network functions/network-scripts problem :(
> 
> [root@localhost ~]# dhclient eth0
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C                                                         
>       
> [root@localhost ~]# restorecon -v 'network-scripts'
>               
> restorecon:  stat error on network-scripts:  No such file
> or directory
> [root@localhost ~]# restorecon -v network-scripts
> restorecon:  stat error on network-scripts:  No such file
> or directory
> [root@localhost ~]# dhclient eth0                   
> Missing /etc/sysconfig/network-scripts/network-functions,
> exiting.
> ^C                                                         
>       
> You have new mail in /var/spool/mail/root                  
>       
> [root@localhost ~]# service network status                 
>       
> Configured devices:                                        
>       
> lo eth0 eth1                                               
>       
> Currently active devices:
> lo eth1 eth0
> [root@localhost ~]# service network restart
> Shutting down interface eth0:                             
> [  OK  ]
> Shutting down interface eth1:                             
> [  OK  ]
> Shutting down loopback interface:                         
> [  OK  ]
> Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
>                                                           
> [  OK  ]
> Bringing up loopback interface:                           
> [  OK  ]
> Bringing up interface eth0:
> Determining IP information for eth0...Missing
> /etc/sysconfig/network-scripts/network-functions, exiting.
> ^C
> 
> Got also greeted by selinux alert:
> 
> 
> Summary:
> 
> SELinux is preventing dhclient-script (dhcpc_t)
> "search" to network-scripts
> (net_conf_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by dhclient-script. It is
> not expected that this
> access is required by dhclient-script and this access may
> signal an intrusion
> attempt. It is also possible that the specific version or
> configuration of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> Sometimes labeling problems can cause SELinux denials. You
> could try to restore
> the default system file context for network-scripts,
> 
> restorecon -v 'network-scripts'
> 
> If this does not work, there is currently no automatic way
> to allow this access.
> Instead, you can generate a local policy module to allow
> this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux protection
> is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context               
> unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:net_conf_t
> Target Objects                network-scripts [ dir ]
> Source                        dhclient-script
> Source Path                   /bin/bash
> Port                          <Unknown>
> Host                          localhost
> Source RPM Packages           bash-4.0-0.4.rc1.fc11
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.6.6-1.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall_file
> Host Name                     localhost
> Platform                      Linux localhost
> 2.6.29-0.124.rc5.fc11.i586 #1 SMP
>                               Mon Feb 16 21:15:37 EST 2009
> i686 athlon
> Alert Count                   3
> First Seen                    Tue 17 Feb 2009 09:32:55 AM
> CST
> Last Seen                     Tue 17 Feb 2009 09:33:55 AM
> CST
> Local ID                     
> 878e2548-4687-45f0-8115-d40144370614
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost type=AVC msg=audit(1234884835.408:131): avc:
>  denied  { search } for  pid=11969
> comm="dhclient-script"
> name="network-scripts" dev=dm-0 ino=28344324
> scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
> 
> node=localhost type=SYSCALL msg=audit(1234884835.408:131):
> arch=40000003 syscall=195 success=no exit=-13 a0=8463100
> a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968
> pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=pts1 ses=1
> comm="dhclient-script" exe="/bin/bash"
> subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
> 
> 
> I applied it, but did not work :(
> 
> restorecon -v 'network-scripts'
> 
> 
> Regards,
> 
> Antonio 
> 
> 
>       
> 
> -- 

The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work :(, there might be something wrong with the original network scripts :(, booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot :(

[root@localhost ~]# rpm -qa initscripts*
initscripts-8.89-1.i386                 
You have new mail in /var/spool/mail/root
[root@localhost ~]# service network status
Configured devices:
lo eth0 eth1
Currently active devices:
lo
[root@localhost ~]# service network restart
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0...^C
[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 10.128.0.4
nameserver 10.154.16.130
nameserver 10.128.0.129
[root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
[root@localhost ~]# route add default gateway 10.154.19.1

The other two machines use NetworkManager and there are no problems to report there :)

There is something wrong should I open a bugreport, unless someone has beated me to it :)

Regards,

Antonio 


      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux