SELinux is preventing ifup-eth (udev_t) "getattr" to /etc/dhclient-eth1.conf (dhcp_etc_t).
Matthew Saltzman
mjs at CLEMSON.EDU
Thu Jun 14 16:15:43 UTC 2007
I occasionally have to remove and re-insert my ipw2200 driver module.
Every time I do, the following is generated:
SELinux denied access requested by ifup-eth. It is not expected that
this access is required by ifup-eth and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional
access.
Source Context: system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context: system_u:object_r:dhcp_etc_t
Target Objects: /etc/dhclient-eth1.conf [ file ]
Affected RPM Packages:
Policy RPM: selinux-policy-2.6.4-13.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: plugins.catchall_file
Host Name: xxxxxxxxxxxxxxxxxx
Platform: Linux xxxxxxxxxxxxxxx 2.6.20-1.2952.fc6 #1 SMP Wed May 16
18:59:18 EDT 2007 i686 i686
Alert Count: 23
First Seen: Sun 10 Jun 2007 03:15:44 AM EDT
Last Seen: Wed 13 Jun 2007 09:30:46 PM EDT
Local ID: 244d5474-af72-4c98-8d63-2e3a43c9457a
Line Numbers:
Raw Audit Messages :
avc: denied { getattr } for comm="ifup-eth" dev=dm-0 egid=0 euid=0
exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0
name="dhclient-eth1.conf" path="/etc/dhclient-eth1.conf" pid=11020
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:dhcp_etc_t:s0 tty=(none) uid=0
Thanks.
More information about the fedora-selinux-list
mailing list