AVC from dhclient on boot....
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 4 13:44:02 UTC 2007
Tom London wrote:
> On 6/2/07, Tom London <selinux at gmail.com> wrote:
>> Seeing this for the last few days on Rawhide:
>>
>> Jun 2 12:24:36 localhost kernel: e1000: eth0: e1000_watchdog: NIC
>> Link is Up 100 Mbps Full Duplex, Flow Control: RX/TX
>> Jun 2 12:24:36 localhost kernel: e1000: eth0: e1000_watchdog: 10/100
>> speed: disabling TSO
>> Jun 2 12:24:36 localhost kernel: audit(1180812265.018:8): avc:
>> denied { getattr } for pid=2101 comm="dhclient-script"
>> name="setfiles" dev=dm-0 ino=11337869
>> scontext=system_u:system_r:dhcpc_t:s0
>> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=file
>>
>> Not sure where this comes from.
>>
>> There is a call to 'cp -fp', could that be it?
>>
> BZ'd here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=242259
>
setfiles/restorecon now share the same context setfiles_exec_t. dhcpc
is executing restorecon in some of its scripts, I would guess.
There is a major policy update for Rawhide, that I have been working on
that should fix these problems. (Merging Strict/Targeted policy). But
it might break other stuff so I am trying to work out the major bugs.
More information about the fedora-selinux-list
mailing list