Bug 1259181
| Summary: | SELinux is preventing NetworkManager from 'setopt' accesses on the netlink_generic_socket Unknown. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nicolas Mailhot <nicolas.mailhot> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:fd6a60ff47914b7cf5017eb38a262909f0b71a3f076503ae9b641e3fd995f25b | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-09-11 09:35:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1259180 *** |
Description of problem: networkmanager restart in permissive mode to get some network (after relabel & reboot) SELinux is preventing NetworkManager from 'setopt' accesses on the netlink_generic_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que NetworkManager devrait être autorisé à accéder setopt sur Unknown netlink_generic_socket par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:system_r:NetworkManager_t:s0 Target Objects Unknown [ netlink_generic_socket ] Source NetworkManager Source Path NetworkManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-146.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.2.0-1.fc24.x86_64 #1 SMP Mon Aug 31 15:58:25 UTC 2015 x86_64 x86_64 Alert Count 2 First Seen 2015-09-02 09:02:23 CEST Last Seen 2015-09-02 09:02:23 CEST Local ID 854ab1ba-82b5-4ba6-a24c-0f25e8997ac4 Raw Audit Messages type=AVC msg=audit(1441177343.657:1104): avc: denied { setopt } for pid=4412 comm="teamd" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=netlink_generic_socket permissive=1 Hash: NetworkManager,NetworkManager_t,NetworkManager_t,netlink_generic_socket,setopt Version-Release number of selected component: selinux-policy-3.13.1-146.fc24.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.0-1.fc24.x86_64 type: libreport