network-scripts problem
Daniel J Walsh
dwalsh at redhat.com
Fri Feb 20 16:48:47 UTC 2009
Antonio Olivares wrote:
>
>
> --- On Tue, 2/17/09, Antonio Olivares <olivares14031 at yahoo.com> wrote:
>
>> From: Antonio Olivares <olivares14031 at yahoo.com>
>> Subject: network-scripts problem
>> To: fedora-list at redhat.com
>> Cc: fedora-selinux-list at redhat.com
>> Date: Tuesday, February 17, 2009, 7:43 AM
>> Dear fellow testers,
>>
>> I encountered a network functions/network-scripts problem :(
>>
>> [root at localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> [root at localhost ~]# restorecon -v 'network-scripts'
>>
>> restorecon: stat error on network-scripts: No such file or directory
>> [root at localhost ~]# restorecon -v network-scripts
>> restorecon: stat error on network-scripts: No such file or directory
>> [root at localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> You have new mail in /var/spool/mail/root
>>
>> [root at localhost ~]# service network status
>>
>> Configured devices:
>>
>> lo eth0 eth1
>>
>> Currently active devices:
>> lo eth1 eth0
>> [root at localhost ~]# service network restart
>> Shutting down interface eth0:
>> [ OK ]
>> Shutting down interface eth1:
>> [ OK ]
>> Shutting down loopback interface:
>> [ OK ]
>> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
>>
>> [ OK ]
>> Bringing up loopback interface:
>> [ OK ]
>> Bringing up interface eth0:
>> Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> Got also greeted by selinux alert:
>>
>>
>> Summary:
>>
>> SELinux is preventing dhclient-script (dhcpc_t)
>> "search" to network-scripts
>> (net_conf_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by dhclient-script. It is
>> not expected that this
>> access is required by dhclient-script and this access may
>> signal an intrusion
>> attempt. It is also possible that the specific version or
>> configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You
>> could try to restore
>> the default system file context for network-scripts,
>>
>> restorecon -v 'network-scripts'
>>
>> If this does not work, there is currently no automatic way
>> to allow this access.
>> Instead, you can generate a local policy module to allow
>> this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
>> Or you can disable
>> SELinux protection altogether. Disabling SELinux protection
>> is not recommended.
>> Please file a bug report
>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context                unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
>> Target Context                system_u:object_r:net_conf_t
>> Target Objects                network-scripts [ dir ]
>> Source                        dhclient-script
>> Source Path                   /bin/bash
>> Port                          <Unknown>
>> Host                          localhost
>> Source RPM Packages           bash-4.0-0.4.rc1.fc11
>> Target RPM Packages
>> Policy RPM                    selinux-policy-3.6.6-1.fc11
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall_file
>> Host Name                     localhost
>> Platform                      Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP Mon Feb 16 21:15:37 EST 2009 i686 athlon
>> Alert Count                   3
>> First Seen                    Tue 17 Feb 2009 09:32:55 AM CST
>> Last Seen                     Tue 17 Feb 2009 09:33:55 AM CST
>> Local ID                      878e2548-4687-45f0-8115-d40144370614
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
>>
>> node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>>
>> I applied it, but it did not work :(
>>
>> restorecon -v 'network-scripts'
>>
>>
>> Regards,
>>
>> Antonio
>>
>>
>>
>>
>> --
>
> The network does not start anymore and I do not know what is wrong. It is not SELinux blocking it, because the fix does not work :( There might be something wrong with the original network scripts :( Booting hung; I had to boot into level 1 and chkconfig network off in order to boot :(
>
> [root at localhost ~]# rpm -qa initscripts*
> initscripts-8.89-1.i386
> You have new mail in /var/spool/mail/root
> [root at localhost ~]# service network status
> Configured devices:
> lo eth0 eth1
> Currently active devices:
> lo
> [root at localhost ~]# service network restart
> Shutting down loopback interface: [ OK ]
> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
> [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0:
> Determining IP information for eth0...^C
> [root at localhost ~]# cat /etc/resolv.conf
> ; generated by /sbin/dhclient-script
> nameserver 10.128.0.4
> nameserver 10.154.16.130
> nameserver 10.128.0.129
> [root at localhost ~]# ifconfig eth0 10.154.19.210 netmask 255.255.255.0
> [root at localhost ~]# route add default gateway 10.154.19.1
>
> The other two machines use NetworkManager and there are no problems to report there :)
>
> There is something wrong. Should I open a bug report, unless someone has beaten me to it :)
>
> Regards,
>
> Antonio
>
>
>
>
Any avc messages?
There is some new labeling in /etc/sysconfig/network-scripts
that is potentially causing the problem.
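The AVC record quoted in the thread already answers the question about AVC messages. As an added example (not part of the original thread), the sketch below parses that record into domain, permission, class and target type, and flags that `name=` carries only a bare file name, which is why `restorecon -v 'network-scripts'` run from root's home directory ends in a stat error. The function names are illustrative assumptions; the sample record is the one quoted above, re-joined onto one line.

```python
import re

# AVC record copied from the quoted message, re-joined onto one line.
SAMPLE_AVC = (
    'node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied '
    '{ search } for pid=11969 comm="dhclient-script" name="network-scripts" '
    'dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:net_conf_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    rec = {k: fields.get(k) for k in ('comm', 'name', 'dev', 'ino', 'tclass')}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    # A context is user:role:type[:level]; the level may itself contain ':'.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':', 3)
        rec[key[0] + 'type'] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(rec):
    """One-line triage summary: which domain was denied what on which type."""
    return '%s (%s) denied { %s } on %s "%s" (%s), dev=%s ino=%s' % (
        rec['comm'], rec['stype'], ' '.join(rec['perms']), rec['tclass'],
        rec['name'], rec['ttype'], rec['dev'], rec['ino'])


def relabel_hint(rec):
    """name= is only the last path component; flag it when not absolute."""
    if rec['name'] and not rec['name'].startswith('/'):
        return ('name=%r is relative: locate the object by dev/ino and pass '
                'its absolute path to restorecon' % rec['name'])
    return None


if __name__ == '__main__':
    r = parse_avc(SAMPLE_AVC)
    print(summarize(r))
    print(relabel_hint(r))
```
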