vmware/vmnet:
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 31 03:25:30 UTC 2005
Tom London wrote:
>Running targeted/enforcing, latest rawhide.
>
>Notice the following AVC generated by VMware init sequence:
>Mar 30 06:33:35 localhost kernel: audit(1112193215.505:0): avc:
>denied { search } for pid=3690 exe=/sbin/ifconfig name=net dev=sysfs
>ino=225 scontext=user_u:system_r:ifconfig_t
>tcontext=system_u:object_r:sysfs_t tclass=dir
>Mar 30 06:33:35 localhost kernel: vmnet8: failed sysfs registration (-13)
>
>This seems to imply:
>allow ifconfig_t sysfs_t:dir search;
>
>ifconfig.te has
>domain_auto_trans(initrc_t, ifconfig_exec_t, ifconfig_t)
>
>So, should ifconfig_t be allowed the same access to sysfs_t as initrc_t, such as
>r_dir_file(ifconfig_t, sysfs_t)
>
>thanks,
> tom
>
>
Not sure that it needs this. Have you tried to allow it and seen if it
gets more AVC messages?
Or attempted to setenforce 0 to see if it asks for others.
Dan
--
More information about the fedora-selinux-list
mailing list