a few more problems with the latest policy

Farkas Levente lfarkas at bppiac.hu
Fri Jul 15 15:53:50 UTC 2005


Farkas Levente wrote:
> Daniel J Walsh wrote:
> 
>> Farkas Levente wrote:
>>
>>> hi,
>>> a few problems with the latest policy file.
>>> allow dhcpc_t etc_t:file { unlink write };
>>
>>
>>
>> restorecon /etc/resolv.conf*
> 
> 
> there are a few more strange things. first of all there is no restorecon,
> so i installed policycoreutils (but it can be another bug since how is it
> possible that policycoreutils is not among the required packages?)
> anyway this does not change anything so probably this won't solve the problem:
> -----------------------------------------
> [root at eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r--  root     root /etc/resolv.conf
> -rw-rw-r--  root     root     user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r--  root     root     user_u:object_r:file_t 
> /etc/resolv.conf.predhclient
> [root at eagle ~]# restorecon /etc/resolv.conf*
> [root at eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r--  root     root /etc/resolv.conf
> -rw-rw-r--  root     root     user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r--  root     root     user_u:object_r:file_t 
> /etc/resolv.conf.predhclient
> -----------------------------------------

forget about this part (this was on another machine :-()

>>> allow ifconfig_t initrc_t:udp_socket { read write };
>>
>>
>>
>> No idea what is causing this.
> 
> 
> when i got it i issued an ifdown eth0; ifup eth0 and from the log file it
> seems there is an awk somewhere in ifdown or ifup...
> 
>>> ------------------------------------------
>>> and here is the relevant part of the log file
>>> ------------------------------------------
>>> audit(1121423510.841:2): avc:  denied  { read write } for  pid=2215 
>>> comm="ip" name="[6542]" dev=sockfs ino=6542 
>>> scontext=system_u:system_r:ifconfig_t 
>>> tcontext=system_u:system_r:initrc_t tclass=udp_socket
>>> audit(1121423510.846:3): avc:  denied  { read write } for  pid=2218 
>>> comm="ip" name="[6542]" dev=sockfs ino=6542 
>>> scontext=system_u:system_r:ifconfig_t 
>>> tcontext=system_u:system_r:initrc_t tclass=udp_socket
>>> audit(1121423655.473:4): avc:  denied  { write } for  pid=2888 
>>> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
>>> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
>>> audit(1121423655.473:5): avc:  denied  { unlink } for  pid=2888 
>>> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 
>>> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
>>> audit(1121423736.907:6): avc:  denied  { ioctl } for  pid=2982 
>>> comm="awk" name="state" dev=proc ino=-268434831 
>>> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t 
>>> tclass=file
>>> ------------------------------------------
>>> yours.
>>>
>>
>>
> 
> 


-- 
   Levente                               "Si vis pacem para bellum!"
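
How the AVC records quoted in this message map to the `allow` rules listed in it, as an added example that is not part of the original post or of the SELinux tools: it groups denials by source type, target type and class, and keeps the `comm` values for triage. The function names are hypothetical, and the sample log is the one quoted above with the e-mail line wraps joined.

```python
import re
from collections import defaultdict

# AVC records from the log quoted in the message, e-mail line wraps joined.
SAMPLE_LOG = """\
audit(1121423510.841:2): avc:  denied  { read write } for  pid=2215 comm="ip" name="[6542]" dev=sockfs ino=6542 scontext=system_u:system_r:ifconfig_t tcontext=system_u:system_r:initrc_t tclass=udp_socket
audit(1121423510.846:3): avc:  denied  { read write } for  pid=2218 comm="ip" name="[6542]" dev=sockfs ino=6542 scontext=system_u:system_r:ifconfig_t tcontext=system_u:system_r:initrc_t tclass=udp_socket
audit(1121423655.473:4): avc:  denied  { write } for  pid=2888 comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
audit(1121423655.473:5): avc:  denied  { unlink } for  pid=2888 comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781 scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
audit(1121423736.907:6): avc:  denied  { ioctl } for  pid=2982 comm="awk" name="state" dev=proc ino=-268434831 scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    src = fields.get("scontext", "").split(":")
    tgt = fields.get("tcontext", "").split(":")
    if len(src) < 3 or len(tgt) < 3 or "tclass" not in fields:
        return None
    # A context is user:role:type[:level]; allow rules are written on the type.
    fields.update(stype=src[2], ttype=tgt[2], perms=m.group(1).split())
    return fields


def group_denials(log):
    """Map (source type, target type, class) -> {"perms": set, "comms": set}."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            key = (rec["stype"], rec["ttype"], rec["tclass"])
            groups[key]["perms"].update(rec["perms"])
            groups[key]["comms"].add(rec.get("comm", "?"))
    return groups


def allow_rules(log):
    """Render each group as an allow rule, noting the commands that hit it."""
    return sorted(
        "allow %s %s:%s { %s };  # comm: %s"
        % (s, t, c, " ".join(sorted(g["perms"])), ", ".join(sorted(g["comms"])))
        for (s, t, c), g in group_denials(log).items())


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

A rule produced this way only records what was denied; as the `restorecon` reply quoted in the thread shows, a denial on a mislabeled file is handled by relabeling rather than by adding the rule.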



