Bug 246200
Summary: | SELinux is preventing /lib/udev/rename_device (udev_t) "sys_module" to <Unknown> (udev_t). | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matěj Cepl <mcepl> | ||||
Component: | NetworkManager | Assignee: | Dan Williams <dcbw> | ||||
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 7 | CC: | dwalsh, harald, mcepl, notting | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-04-22 18:47:43 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Matěj Cepl
2007-06-29 06:35:22 UTC
Created attachment 158187 [details]
audit.log
Are you asking how to change SELinux to allow this to happen? If yes you can add rules to selinux by executing grep udev /var/log/audit/audit.log | audit2allow -M myudev semodule -i myudev.pp If you want to add policy to allow udev to load kernel modules by default, I don't think this is a good idea. Frankly I don't care how it happens, but I don't like the fact, that I get AVC Denials when switching on my network ;-). Switching to NetworkManager component. Are you running in enforcing mode and does the network start up correctly? $ rpm -qf $(fgrep -rl rename_device /etc/udev/rules.d/) initscripts-8.45.7-1 $ rpm -qf /lib/udev/rename_device initscripts-8.45.7-1 No, screwed up behavior of postfix under SELinux (bug 215722 is still alive and well for me) made me to switch to Permissive mode. It is just a notebook, so I don't I really NEED SELinux, running just to make me a testing target (having redhat.com in the email address). However, I have already removed postfix and switched back to sendmail, so I may be able to switch to Enforcing mode again. I will let you know how it goes. Could you update that bugzilla? The question is what is creating the bugzilla, allowing udev to load kernel modules seems dangerous. which one -- this or bug 215722 ? I will get to the latter only in couple of hours (after return home and dinner) Hmm, restarted computer and the network works without a problem. Don't know what's going on. See my audit.log as attachment 158504 [details] attached to the bug 215722 comment 24 If you want you can close this I guess. > allowing udev to load kernel modules seems dangerous
????
closing per comment 9 |