selinux and ppp

Daniel J Walsh dwalsh at redhat.com
Thu Apr 8 03:43:39 UTC 2004


bastard operater wrote:

> Thank you all for your suggestions. When I setenforce=0 I can connect 
> to the internet. For those interested in messages here they are. I am 
> using policy-1.9.2-9.
>
> Apr 4 09:31:39 excalibur kernel: audit(1081089099.311:0): avc: granted 
> { setenforce } for pid=1782 exe=/usr/bin/setenforce 
> scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t 
> tclass=security
> Apr 4 09:31:44 excalibur kernel: audit(1081089104.072:0): avc: denied 
> { getattr } for pid=1783 exe=/usr/sbin/pppd path=/dev/tty1 dev=sdb2 
> ino=870615 scontext=root:system_r:pppd_t 
> tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
> Apr 4 09:31:44 excalibur pppd[1784]: pppd 2.4.1 started by root, uid 0
> Apr 4 09:31:45 excalibur kernel: audit(1081089105.077:0): avc: denied 
> { append } for pid=1785 exe=/usr/sbin/pppd name=connect-errors 
> dev=sdb2 ino=32552 scontext=root:system_r:pppd_t 
> tcontext=system_u:object_r:pppd_etc_t tclass=file
> Apr 4 09:31:45 excalibur kernel: audit(1081089105.081:0): avc: denied 
> { execute } for pid=1785 exe=/bin/bash name=ppp-on-dialer dev=sdb2 
> ino=32702 scontext=root:system_r:pppd_t 
> tcontext=system_u:object_r:pppd_etc_rw_t tclass=file
> Apr 4 09:31:45 excalibur kernel: audit(1081089105.081:0): avc: denied 
> { execute_no_trans } for pid=1785 exe=/bin/bash 
> path=/etc/ppp/ppp-on-dialer dev=sdb2 ino=32702 
> scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_rw_t 
> tclass=file
>
> The connect script runs and connects to the internet.
>
> Apr 4 09:32:24 excalibur kernel: audit(1081089144.819:0): avc: denied 
> { execute } for pid=1805 exe=/usr/sbin/pppd name=ip-up dev=sdb2 
> ino=32586 scontext=root:system_r:pppd_t 
> tcontext=system_u:object_r:pppd_etc_t tclass=file
> Apr 4 09:32:24 excalibur kernel: audit(1081089144.819:0): avc: denied 
> { execute_no_trans } for pid=1805 exe=/usr/sbin/pppd 
> path=/etc/ppp/ip-up dev=sdb2 ino=32586 scontext=root:system_r:pppd_t 
> tcontext=system_u:object_r:pppd_etc_t tclass=file
>
> Thank you for the help.
>
> Jason
>
The latest policy should be able to handle this in enforcing mode.

1.10.1-3

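The denials quoted in this thread can be condensed into the type-enforcement permissions that policy-1.9.2-9 was missing for `pppd_t`. The following is an added example, not part of either message or of the SELinux tools: it parses the AVC lines from the post (rejoined onto single lines) and groups denied permissions by source type, target type and class, in the style of `audit2allow`. The function names are hypothetical.

```python
import re
from collections import defaultdict

# AVC lines copied from the message above, each rejoined onto one line.
SAMPLE_LOG = """\
Apr 4 09:31:39 excalibur kernel: audit(1081089099.311:0): avc: granted { setenforce } for pid=1782 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
Apr 4 09:31:44 excalibur kernel: audit(1081089104.072:0): avc: denied { getattr } for pid=1783 exe=/usr/sbin/pppd path=/dev/tty1 dev=sdb2 ino=870615 scontext=root:system_r:pppd_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
Apr 4 09:31:44 excalibur pppd[1784]: pppd 2.4.1 started by root, uid 0
Apr 4 09:31:45 excalibur kernel: audit(1081089105.077:0): avc: denied { append } for pid=1785 exe=/usr/sbin/pppd name=connect-errors dev=sdb2 ino=32552 scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_t tclass=file
Apr 4 09:31:45 excalibur kernel: audit(1081089105.081:0): avc: denied { execute } for pid=1785 exe=/bin/bash name=ppp-on-dialer dev=sdb2 ino=32702 scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_rw_t tclass=file
Apr 4 09:31:45 excalibur kernel: audit(1081089105.081:0): avc: denied { execute_no_trans } for pid=1785 exe=/bin/bash path=/etc/ppp/ppp-on-dialer dev=sdb2 ino=32702 scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_rw_t tclass=file
Apr 4 09:32:24 excalibur kernel: audit(1081089144.819:0): avc: denied { execute } for pid=1805 exe=/usr/sbin/pppd name=ip-up dev=sdb2 ino=32586 scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_t tclass=file
Apr 4 09:32:24 excalibur kernel: audit(1081089144.819:0): avc: denied { execute_no_trans } for pid=1805 exe=/usr/sbin/pppd path=/etc/ppp/ip-up dev=sdb2 ino=32586 scontext=root:system_r:pppd_t tcontext=system_u:object_r:pppd_etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict for one AVC record, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        # Contexts are user:role:type; type enforcement decides on the type.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarize_denials(log_text):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            rules[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in rules.items()}

def as_allow_rules(summary):
    """Render the summary as candidate TE rules for review, not for blind loading."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize_denials(SAMPLE_LOG))))
```

The three resulting groups show that every denial comes from the `pppd_t` domain: reading attributes of the admin's terminal, appending to a file under `pppd_etc_t`, and executing the dialer and `ip-up` scripts without a domain transition.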





More information about the fedora-test-list mailing list