NetworkManager: minor nit

Daniel J Walsh dwalsh at redhat.com
Wed Aug 24 15:31:31 UTC 2005


Tom London wrote:

> Running targeted/enforcing, latest rawhide.
>
> I get the following AVC during boot:
>
> type=AVC msg=audit(1124890934.835:9): avc:  denied  { read } for  
> pid=2734 comm="dhcdbd" name="dhclient-eth0.conf " dev=dm-0 ino=1276472 
> scontext=system_u:system_r:NetworkManager_t 
> tcontext=system_u:object_r:dhcp_etc_t tclass=file
> type=SYSCALL msg=audit(1124890934.835:9): arch=40000003 syscall=33 
> success=no exit=-13 a0=bf9c1d48 a1=4 a2=bf9c21c8 a3=bf9c1d48 items=1 
> pid=2734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 comm="dhcdbd" exe="/sbin/dhcdbd"
> type=CWD msg=audit(1124890934.835:9):  cwd="/"
> type=PATH msg=audit(1124890934.835:9): item=0 
> name="/etc/dhclient-eth0.conf" flags=401  inode=1276472 dev=fd:00 
> mode=0100644 ouid=0 ogid=0 rdev=00:00
>
> I have 2 files in /etc: /etc/dhclient-eth[01].conf, both are zero 
> length, and both are labeled dhcp_etc_t.
>
> Changing the label for /sbin/dhcdbd from sbin_t -> dhcpc_exec_t makes 
> this AVC vanish.
>
This is the correct change.

> Would it be 'better' to just add:
>      allow NetworkManager_t dhcp_etc_t:file read;
> ?
>
> tom
> -- 
> Tom London
>


-- 