Bug 413221
| Summary: | SELinux is preventing /sbin/modprobe (insmod_t) "setsched" to (kernel_t). | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Greg Morse <pgmer6809> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Current | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-12-06 15:19:40 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is strange since the selinux-policy-2.6.4-57.fc7 policy should have this allow rule. This looks like something went wrong during the update and the policy latest policy is not loaded. Could you try to reinstall the latest selinux-policy-targeted package or just execute semodule -B /usr/share/selinux/targeted/base.pp Should fix the problem. |
Description of problem:trying to install and get wireless working. get message in selinux trouble shooter. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: SELinux denied access requested by /sbin/modprobe. It is not expected that this access is required by /sbin/modprobe and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.Allowing AccessYou can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional InformationSource Context: system_u:system_r:insmod_t:SystemLow-SystemHighTarget Context: system_u:system_r:kernel_tTarget Objects: None [ process ]Affected RPM Packages: module-init-tools-3.3-0.pre11.1.0.fc7 [application]Policy RPM: selinux-policy-2.6.4-57.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: PermissivePlugin Name: plugins.catchallHost Name: renegadePlatform: Linux renegade 2.6.23.1-21.fc7 #1 SMP Thu Nov 1 21:09:24 EDT 2007 i686 i686Alert Count: 1First Seen: Wed 05 Dec 2007 01:20:50 PM PSTLast Seen: Wed 05 Dec 2007 01:20:50 PM PSTLocal ID: 9ff4013a-8744-4b3e-9f21-12d641826bd1Line Numbers: Raw Audit Messages :avc: denied { setsched } for comm="modprobe" egid=0 euid=0 exe="/sbin/modprobe" exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=2908 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:insmod_t:s0-s0:c0.c1023 suid=0 tclass=process tcontext=system_u:system_r:kernel_t:s0 tty=tty7 uid=0