a few more problem with the latest policy
Farkas Levente
lfarkas at bppiac.hu
Fri Jul 15 15:53:50 UTC 2005
Farkas Levente wrote:
> Daniel J Walsh wrote:
>
>> Farkas Levente wrote:
>>
>>> hi,
>>> a few problems with the latest policy file.
>>> allow dhcpc_t etc_t:file { unlink write };
>>
>>
>>
>> restorecon /etc/resolv.conf*
>
>
> there are a few more strange things. first of all there is no restorecon,
> so i installed policycoreutils (but it can be another bug since how is it
> possible that policycoreutils is not among the required packages?)
> anyway this does not change anything so probably this won't solve the problem:
> -----------------------------------------
> [root@eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r-- root root /etc/resolv.conf
> -rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.predhclient
> [root@eagle ~]# restorecon /etc/resolv.conf*
> [root@eagle ~]# ls -aZ /etc/resolv.conf*
> -rw-rw-r-- root root /etc/resolv.conf
> -rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.bak
> -rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.predhclient
> -----------------------------------------
forget about this part (this was on another machine :-()
>>> allow ifconfig_t initrc_t:udp_socket { read write };
>>
>>
>>
>> No idea what is causing this.
>
>
> when i got it i issued an ifdown eth0; ifup eth0 and from the log file it
> seems there is an awk somewhere in ifdown or ifup...
>
>>> ------------------------------------------
>>> and here is the relevant part of the log file
>>> ------------------------------------------
>>> audit(1121423510.841:2): avc: denied { read write } for pid=2215
>>> comm="ip" name="[6542]" dev=sockfs ino=6542
>>> scontext=system_u:system_r:ifconfig_t
>>> tcontext=system_u:system_r:initrc_t tclass=udp_socket
>>> audit(1121423510.846:3): avc: denied { read write } for pid=2218
>>> comm="ip" name="[6542]" dev=sockfs ino=6542
>>> scontext=system_u:system_r:ifconfig_t
>>> tcontext=system_u:system_r:initrc_t tclass=udp_socket
>>> audit(1121423655.473:4): avc: denied { write } for pid=2888
>>> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
>>> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
>>> audit(1121423655.473:5): avc: denied { unlink } for pid=2888
>>> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
>>> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
>>> audit(1121423736.907:6): avc: denied { ioctl } for pid=2982
>>> comm="awk" name="state" dev=proc ino=-268434831
>>> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t
>>> tclass=file
>>> ------------------------------------------
>>> yours.
>>>
>>
>>
>
>
--
Levente "Si vis pacem para bellum!"