--- On Tue, 2/17/09, Antonio Olivares <olivares14031@xxxxxxxxx> wrote: > From: Antonio Olivares <olivares14031@xxxxxxxxx> > Subject: network-scripts problem > To: fedora-list@xxxxxxxxxx > Cc: fedora-selinux-list@xxxxxxxxxx > Date: Tuesday, February 17, 2009, 7:43 AM > Dear fellow testers, > > I encountered network functions/network-scripts problem :( > > [root@localhost ~]# dhclient eth0 > Missing /etc/sysconfig/network-scripts/network-functions, > exiting. > Missing /etc/sysconfig/network-scripts/network-functions, > exiting. > Missing /etc/sysconfig/network-scripts/network-functions, > exiting. > ^C > > [root@localhost ~]# restorecon -v 'network-scripts' > > restorecon: stat error on network-scripts: No such file > or directory > [root@localhost ~]# restorecon -v network-scripts > restorecon: stat error on network-scripts: No such file > or directory > [root@localhost ~]# dhclient eth0 > Missing /etc/sysconfig/network-scripts/network-functions, > exiting. > ^C > > You have new mail in /var/spool/mail/root > > [root@localhost ~]# service network status > > Configured devices: > > lo eth0 eth1 > > Currently active devices: > lo eth1 eth0 > [root@localhost ~]# service network restart > Shutting down interface eth0: > [ OK ] > Shutting down interface eth1: > [ OK ] > Shutting down loopback interface: > [ OK ] > Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0 > > [ OK ] > Bringing up loopback interface: > [ OK ] > Bringing up interface eth0: > Determining IP information for eth0...Missing > /etc/sysconfig/network-scripts/network-functions, exiting. > ^C > > Got also greeted by selinux alert: > > > Summary: > > SELinux is preventing dhclient-script (dhcpc_t) > "search" to network-scripts > (net_conf_t). > > Detailed Description: > > SELinux denied access requested by dhclient-script. It is > not expected that this > access is required by dhclient-script and this access may > signal an intrusion > attempt. It is also possible that the specific version or > configuration of the > application is causing it to require additional access. > > Allowing Access: > > Sometimes labeling problems can cause SELinux denials. You > could try to restore > the default system file context for network-scripts, > > restorecon -v 'network-scripts' > > If this does not work, there is currently no automatic way > to allow this access. > Instead, you can generate a local policy module to allow > this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) > Or you can disable > SELinux protection altogether. Disabling SELinux protection > is not recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context > unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh > Target Context system_u:object_r:net_conf_t > Target Objects network-scripts [ dir ] > Source dhclient-script > Source Path /bin/bash > Port <Unknown> > Host localhost > Source RPM Packages bash-4.0-0.4.rc1.fc11 > Target RPM Packages > Policy RPM selinux-policy-3.6.6-1.fc11 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall_file > Host Name localhost > Platform Linux localhost > 2.6.29-0.124.rc5.fc11.i586 #1 SMP > Mon Feb 16 21:15:37 EST 2009 > i686 athlon > Alert Count 3 > First Seen Tue 17 Feb 2009 09:32:55 AM > CST > Last Seen Tue 17 Feb 2009 09:33:55 AM > CST > Local ID > 878e2548-4687-45f0-8115-d40144370614 > Line Numbers > > Raw Audit Messages > > node=localhost type=AVC msg=audit(1234884835.408:131): avc: > denied { search } for pid=11969 > comm="dhclient-script" > name="network-scripts" dev=dm-0 ino=28344324 > scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:net_conf_t:s0 tclass=dir > > node=localhost type=SYSCALL msg=audit(1234884835.408:131): > arch=40000003 syscall=195 success=no exit=-13 a0=8463100 > a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 > pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 > sgid=0 fsgid=0 tty=pts1 ses=1 > comm="dhclient-script" exe="/bin/bash" > subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null) > > > I applied it, but did not work :( > > restorecon -v 'network-scripts' > > > Regards, > > Antonio > > > > > -- The network does not start anymore and I do not know what is wrong, it is not selinux blocking it, because the fix does not work :(, there might be something wrong with the original network scripts :(, booting hanged, I had to boot into level 1 and chkconfig network off, in order to boot :( [root@localhost ~]# rpm -qa initscripts* initscripts-8.89-1.i386 You have new mail in /var/spool/mail/root [root@localhost ~]# service network status Configured devices: lo eth0 eth1 Currently active devices: lo [root@localhost ~]# service network restart Shutting down loopback interface: [ OK ] Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0 [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining IP information for eth0...^C [root@localhost ~]# cat /etc/resolv.conf ; generated by /sbin/dhclient-script nameserver 10.128.0.4 nameserver 10.154.16.130 nameserver 10.128.0.129 [root@localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0 [root@localhost ~]# route add default gateway 10.154.19.1 The other two machines use NetworkManager and there are no problems to report there :) There is something wrong should I open a bugreport, unless someone has beated me to it :) Regards, Antonio -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list