Further on SElinux and kismet
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 19 13:24:22 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MikeC wrote:
> Some days ago I was trying to run kismet on a system with F9 running
> SElinux and kismet failed to start and complained about being unable
> to write to the file ssid_map which was in the normal user main dir.
> There was an AVC denial indicating that kismet was not permitted to access
> that file.
>
> It was suggested that I make kismet look at /var/lib/kismet instead.
>
> Having tried again this evening and changed kismet.conf so that
> %h/ was changed to /var/lib/kismet/ then kismet still fails to start and the
> terminal window gives:
>
> Will attempt to put networkmanager to sleep...
> Allowing clients to fetch WEP keys.
> WARNING: Disabling GPS logging.
> SSID cloak file did not exist, it will be created.
> FATAL: Could not open SSID track file '/var/lib/kismet/ssid_map' for writing:
> Permission denied
> Sending termination request to channel control child 3538...
> Waiting for channel control child 3538 to exit...
> WARNING: Sometimes cards don't always come out of monitor mode
> cleanly. If your card is not fully working, you may need to
> restart or reconfigure it for normal operation.
> Trying to wake networkmanager back up...
> WARNING: Failed to connect to DBUS system, will not be able to control
> networkmanager: Failed to connect to socket /var/run/dbus/system_bus_socket:
> Permission denied
> WARNING: Failed to send 'wake' command to networkmanager via DBUS, NM may still
> be inactive.Kismet exiting.
> Done.
>
> I checked the contexts:
> [root at lapmike2 kismet]# ll -Zld /var/lib/kismet
> drwxrwx--- 2 system_u:object_r:kismet_var_lib_t:s0 root kismet 4096 2008-11-18
> 20:59 /var/lib/kismet
> [root at lapmike2 kismet]# ll -Z /var/lib/kismet
> -rw-rw-rw- root root unconfined_u:object_r:kismet_var_lib_t:s0 ssid_map
>
> Any ideas how to fix this - in the above there is no AVC denial but I am
> guessing that SElinux may still be involved?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Looks like kismet is trying to dbus communicate with NetworkManager, I
can add that. Some of the avc's that you submitted indicate that kismet
is trying to load kernel modules, which is not something we want to add.
> FATAL: Could not open SSID track file '/var/lib/kismet/ssid_map' for
writing:
Not sure what is causing this? Is this a regular file?
Could you send me your configuration so I could try this out?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkkE4YACgkQrlYvE4MpobNxCQCfbeTojME8BHRdWkTxetN31+Ct
KrEAn0r+y5WJX7VXlUKFDB7UilmKjgG4
=61VX
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list