network-scripts problem

Rick Stevens ricks at nerd.com
Tue Feb 17 18:06:48 UTC 2009 

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Antonio Olivares wrote:
>> Dear fellow testers, 
>>
>> I encountered network functions/network-scripts problem :(
>>
>> [root at localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C                                                                
>> [root at localhost ~]# restorecon -v 'network-scripts'               
>> restorecon:  stat error on network-scripts:  No such file or directory
>> [root at localhost ~]# restorecon -v network-scripts
>> restorecon:  stat error on network-scripts:  No such file or directory
>> [root at localhost ~]# dhclient eth0                   
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C                                                                
>> You have new mail in /var/spool/mail/root                         
>> [root at localhost ~]# service network status                        
>> Configured devices:                                               
>> lo eth0 eth1                                                      
>> Currently active devices:
>> lo eth1 eth0
>> [root at localhost ~]# service network restart
>> Shutting down interface eth0:                              [  OK  ]
>> Shutting down interface eth1:                              [  OK  ]
>> Shutting down loopback interface:                          [  OK  ]
>> Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
>>                                                            [  OK  ]
>> Bringing up loopback interface:                            [  OK  ]
>> Bringing up interface eth0:
>> Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> Got also greeted by selinux alert:
>>
>>
>> Summary:
>>
>> SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
>> (net_conf_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by dhclient-script. It is not expected that this
>> access is required by dhclient-script and this access may signal an intrusion
>> attempt. It is also possible that the specific version or configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You could try to restore
>> the default system file context for network-scripts,
>>
>> restorecon -v 'network-scripts'
>>
>> If this does not work, there is currently no automatic way to allow this access.
>> Instead, you can generate a local policy module to allow this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>> SELinux protection altogether. Disabling SELinux protection is not recommended.
>> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context                unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
>> Target Context                system_u:object_r:net_conf_t
>> Target Objects                network-scripts [ dir ]
>> Source                        dhclient-script
>> Source Path                   /bin/bash
>> Port                          <Unknown>
>> Host                          localhost
>> Source RPM Packages           bash-4.0-0.4.rc1.fc11
>> Target RPM Packages           
>> Policy RPM                    selinux-policy-3.6.6-1.fc11
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall_file
>> Host Name                     localhost
>> Platform                      Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
>>                               Mon Feb 16 21:15:37 EST 2009 i686 athlon
>> Alert Count                   3
>> First Seen                    Tue 17 Feb 2009 09:32:55 AM CST
>> Last Seen                     Tue 17 Feb 2009 09:33:55 AM CST
>> Local ID                      878e2548-4687-45f0-8115-d40144370614
>> Line Numbers                  
>>
>> Raw Audit Messages            
>>
>> node=localhost type=AVC msg=audit(1234884835.408:131): avc:  denied  { search } for  pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
>>
>> node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>>
>> I applied it, but did not work :(
>>
>> restorecon -v 'network-scripts'
>>
>>
>> Regards,
>>
>> Antonio 
>>
>>
>>       
>>
> Grab the latest policy out of koji.  this should be fixed.

That's irrelevant if the network-scripts file is missing (which his
error messages indicate).

Antonio, somehow you killed a HUGE part of the network setup stuff.
You'll need to reinstall the initscripts RPM to get it back.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-   To err is human.  To forgive, a large sum of money is needed.    -
----------------------------------------------------------------------

More information about the fedora-list mailing list