Bug 586284
Field | Value
---|---
Summary | SELinux is preventing /usr/sbin/NetworkManager "unlink" access on hosts.
Product | [Fedora] Fedora
Component | selinux-policy
Version | 12
Hardware | x86_64
OS | Linux
Status | CLOSED NOTABUG
Severity | medium
Priority | low
Reporter | Davide Rossetti <davide.rossetti>
Assignee | Daniel Walsh <dwalsh>
QA Contact | Fedora Extras Quality Assurance <extras-qa>
CC | adrigiga, bugzilla, christian.groove, coolmilo65, dan, dwalsh, idht4n, inboxacct2, jlaska, mgrepl, msdeleonpeque, pavel.ondracka, regulatre, sarrab1976, seva, seventhguardian, uahello, v.plessky, wswilburn
Whiteboard | setroubleshoot_trace_hash:e25d52565b3f42a728bed591c653f2fde46c981762ed9ec3db7af9d793e442ca
Doc Type | Bug Fix
Last Closed | 2010-04-27 09:54:33 UTC

Description
Davide Rossetti
2010-04-27 08:49:33 UTC
Somehow "/etc/hosts" got the wrong label on it.

Execute:
restorecon -v /etc/hosts

Should fix. Please reopen if this happens again.

This bug should be re-opened.
I just loaded Fedora 14 Beta - and Ethernet connection doesn't work (disabled)
I tried to re-enable it in NetworkManager - and received message similar to above.
Connection (wired) remains disabled.

execution of
#restorecon -v /etc/hosts
doesn't bring Ethernet (wired) connection alive.

[liveuser@localhost ~]$ ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:720 (720.0 b)  TX bytes:720 (720.0 b)

wlan0     Link encap:Ethernet  HWaddr 00:13:D3:84:FE:9D
          inet addr:192.168.1.51  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::213:d3ff:fe84:fe9d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1920 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2706074 (2.5 MiB)  TX bytes:239273 (233.6 KiB)

[liveuser@localhost ~]$ lspci
00:00.0 Host bridge: ATI Technologies Inc RS480 Host Bridge (rev 10)
00:01.0 PCI bridge: ATI Technologies Inc RS480 PCI Bridge
00:06.0 PCI bridge: ATI Technologies Inc RS480 PCI Bridge
00:07.0 PCI bridge: ATI Technologies Inc RS480 PCI Bridge
00:12.0 IDE interface: ATI Technologies Inc IXP SB400 Serial ATA Controller (rev 80)
00:13.0 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (rev 80)
00:13.1 USB Controller: ATI Technologies Inc IXP SB400 USB Host Controller (rev 80)
00:13.2 USB Controller: ATI Technologies Inc IXP SB400 USB2 Host Controller (rev 80)
00:14.0 SMBus: ATI Technologies Inc IXP SB400 SMBus Controller (rev 83)
00:14.1 IDE interface: ATI Technologies Inc IXP SB400 IDE Controller (rev 80)
00:14.2 Audio device: ATI Technologies Inc IXP SB4x0 High Definition Audio Controller (rev 01)
00:14.3 ISA bridge: ATI Technologies Inc IXP SB400 PCI-ISA Bridge (rev 80)
00:14.4 PCI bridge: ATI Technologies Inc IXP SB400 PCI-PCI Bridge (rev 80)
00:18.0 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] HyperTransport Technology Configuration
00:18.1 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Address Map
00:18.2 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] DRAM Controller
00:18.3 Host bridge: Advanced Micro Devices [AMD] K8 [Athlon64/Opteron] Miscellaneous Control
01:05.0 VGA compatible controller: ATI Technologies Inc RS482 [Radeon Xpress 200M]
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01)
05:04.0 FireWire (IEEE 1394): O2 Micro, Inc. Firewire (IEEE 1394) (rev 02)
05:04.2 SD Host controller: O2 Micro, Inc. Integrated MMC/SD Controller (rev 01)
05:04.3 Mass storage controller: O2 Micro, Inc. Integrated MS/xD Controller (rev 01)
05:09.0 Network controller: RaLink RT2500 802.11g (rev 01)

[liveuser@localhost ~]$ nm-tool

NetworkManager Tool

State: connected

- Device: eth0 -----------------------------------------------------------------
  Type: Wired
  Driver: r8169
  State: unavailable
  Default: no
  HW Address: 00:16:17:51:9A:1D

  Capabilities:
    Carrier Detect: yes
    Speed: 100 Mb/s

  Wired Properties
    Carrier: off

- Device: wlan0 [Auto dd-wrt] -------------------------------------------------
  Type: 802.11 WiFi
  Driver: rt2500pci
  State: connected
  Default: yes
  HW Address: 00:13:D3:84:FE:9D

  Capabilities:
    Speed: 18 Mb/s

  Wireless Properties
    WEP Encryption: yes
    WPA Encryption: yes
    WPA2 Encryption: yes

  Wireless Access Points (* = current AP)
    *dd-wrt: Infra, 00:1B:FC:91:83:4C, Freq 2412 MHz, Rate 54 Mb/s, Strength 100 WPA2
    dlink: Infra, 00:26:5A:32:B7:39, Freq 2437 MHz, Rate 54 Mb/s, Strength 54 WPA
    pantherx: Infra, 00:1C:C5:D8:34:8C, Freq 2462 MHz, Rate 54 Mb/s, Strength 44 WEP

  IPv4 Settings:
    Address: 192.168.1.51
    Prefix: 24 (255.255.255.0)
    Gateway: 192.168.1.2

    DNS: 192.168.1.2

-----------------
As you see, there is an Ethernet adapter, but connection is not available.
On the other hand - Wi-Fi connection is working.

Are you seeing AVC messages within /var/log/audit/audit.log or /var/log/messages?

good question.
gedit crashes when I attempt to open audit.log

[root@localhost liveuser]# cd /var/log/audit
[root@localhost audit]# gedit audit.log

** (gedit:3119): WARNING **: AT-SPI: Accessibility bus not found - Using session bus.

** (gedit:3119): WARNING **: AT-SPI: Couldn't connect to bus: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.

(gedit:3119): EggSMClient-WARNING **: Failed to connect to the session manager: None of the authentication protocols specified are supported

** GLib-GIO:ERROR:gdbusconnection.c:2170:initable_init: assertion failed: (connection->initialization_error == NULL)
Aborted (core dumped)

Created attachment 451292
/var/log/audit/audit.log (uploaded to another PC via FTP)
I may add that today I see the wired Ethernet connection in NetworkManager.
Besides, I can disable it and re-enable it (Auto eth0).
What did I do differently compared to yesterday?
I booted this computer to Windows (XP) in the morning, and later booted to Fedora 14 Beta from a Live USB stick.
It seems the current version of Fedora 14 (Beta) doesn't correctly initialize the wired interface on boot (in some cases).

No AVC's in the log file. So I don't think SELinux is blocking it.

Trying to open a ticket, it took me here as a duplicate, not sure if it's related but...

Summary:

SELinux is preventing /usr/sbin/NetworkManager "unlink" access on /etc/NetworkManager/NetworkManager.conf.

Detailed Description:

SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context: system_u:system_r:NetworkManager_t:s0
Target Context: system_u:object_r:etc_t:s0
Target Objects: /etc/NetworkManager/NetworkManager.conf [ file ]
Source: NetworkManager
Source Path: /usr/sbin/NetworkManager
Port: <Unknown>
Host: localhost.localdomain
Source RPM Packages: NetworkManager-0.8.1-6.git20100831.fc14
Target RPM Packages: NetworkManager-0.8.1-6.git20100831.fc14
Policy RPM: selinux-policy-3.9.5-7.fc14
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.35.4-28.fc14.x86_64 #1 SMP Wed Sep 15 01:56:54 UTC 2010 x86_64 x86_64
Alert Count: 1
First Seen: Thu 07 Oct 2010 03:30:09 PM CDT
Last Seen: Thu 07 Oct 2010 03:30:09 PM CDT
Local ID: 482350b7-3b53-43e5-b813-fb960015e075
Line Numbers:

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1286483409.456:62480): avc: denied { unlink } for pid=6264 comm="NetworkManager" name="NetworkManager.conf" dev=dm-0 ino=53046 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1286483409.456:62480): arch=c000003e syscall=82 success=no exit=-13 a0=966810 a1=950f90 a2=961ea0 a3=1 items=0 ppid=1 pid=6264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)

I opened a bug on NetworkManager.

https://bugzilla.redhat.com/show_bug.cgi?id=641331
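
A triage sketch for the raw audit messages quoted in the last report, added here as an example and not part of the original bug thread: it pairs the AVC and SYSCALL records by event serial and decodes the fields needed to read the denial. The function names are illustrative, and the syscall table is a deliberately partial x86_64 subset assumed for this example.

```python
import errno
import re

# The two audit records quoted in the report above (same event serial 62480).
SAMPLE = """node=localhost.localdomain type=AVC msg=audit(1286483409.456:62480): avc: denied { unlink } for pid=6264 comm="NetworkManager" name="NetworkManager.conf" dev=dm-0 ino=53046 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1286483409.456:62480): arch=c000003e syscall=82 success=no exit=-13 a0=966810 a1=950f90 a2=961ea0 a3=1 items=0 ppid=1 pid=6264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)"""

EVENT_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Partial x86_64 table (arch=c000003e): only calls relevant to this denial.
X86_64_SYSCALLS = {82: "rename", 87: "unlink", 263: "unlinkat", 264: "renameat"}


def parse_events(text):
    """Group audit records by event serial so AVC and SYSCALL lines pair up."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        if rtype == "AVC":
            perms = re.search(r"\{([^}]*)\}", body)
            rec["perms"] = perms.group(1).split() if perms else []
        events.setdefault(int(serial), {})[rtype] = rec
    return events


def summarize(event):
    """Return the triage facts for one denial: labels, object, syscall, errno."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    nr, rc = int(sc.get("syscall", -1)), int(sc.get("exit", 0))
    known = X86_64_SYSCALLS if sc.get("arch") == "c000003e" else {}
    return {
        "perms": avc["perms"],
        "source_type": avc["scontext"].split(":")[2],
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "name": avc["name"],
        "syscall": known.get(nr, str(nr)),
        "errno": errno.errorcode.get(-rc, "") if rc < 0 else "",
    }


if __name__ == "__main__":
    for serial, ev in parse_events(SAMPLE).items():
        print(serial, summarize(ev))
```

On the sample, the denied permission is `unlink` while syscall 82 on x86_64 is `rename`: SELinux checks `unlink` on an existing destination file when another file is renamed over it, which is why a config rewrite by `NetworkManager_t` against an `etc_t` file appears as an unlink denial.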