Bug 478599
| Summary: | SELinux is preventing NetworkManager (NetworkManager_t) "sys_resource" NetworkManager_t. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Martin Naď <martin.nad89> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 10 | CC: | mschmidt |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-03 10:58:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
SELinux is preventing console-kit-dae (consolekit_t) "sys_resource" consolekit_t.
Původní zprávy auditu :
node=localhost.localdomain type=AVC msg=audit(1230831157.61:49): avc: denied { sys_resource } for pid=1836 comm="console-kit-dae" capability=24 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=capability node=localhost.localdomain type=SYSCALL msg=audit(1230831157.61:49): arch=c000003e syscall=1 success=yes exit=679 a0=12 a1=1b70c60 a2=2a7 a3=0 items=0 ppid=1 pid=1836 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)
The reporter told me he used ext4. So this is certainly a duplicate of bug 468683. *** This bug has been marked as a duplicate of bug 468683 *** |
Description of problem: Souhrn SELinux is preventing NetworkManager (NetworkManager_t) "sys_resource" NetworkManager_t. Podrobný popis SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Další informace Kontext zdroje: system_u:system_r:NetworkManager_t:s0 Kontext cíle: system_u:system_r:NetworkManager_t:s0 Objekty cíle: None [ capability ] Zdroj: NetworkManager Cesta zdroje: /usr/sbin/NetworkManager Port: <Neznámé> Počítač: localhost.localdomain RPM balíčky zdroje: NetworkManager-0.7.0-0.12.svn4326.fc10 RPM balíčky cíle: RPM politiky: selinux-policy-3.5.13-34.fc10 Selinux povolen: True Typ politiky: targeted MLS povoleno: True Vynucovací režim: Enforcing Název zásuvného modulu: catchall Název počítače: localhost.localdomain Platforma: Linux localhost.localdomain 2.6.27.9-159.fc10.x86_64 #1 SMP Tue Dec 16 14:47:52 EST 2008 x86_64 x86_64 Počet upozornění: 15 Poprvé viděno: Čt 1. leden 2009, 18:32:36 CET Naposledy viděno: Čt 1. leden 2009, 21:20:25 CET Místní ID: a66b698f-4ddf-462f-9b5b-d906f604869c Čísla řádků: Původní zprávy auditu : node=localhost.localdomain type=AVC msg=audit(1230841225.275:87): avc: denied { sys_resource } for pid=2016 comm="NetworkManager" capability=24 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=capability node=localhost.localdomain type=SYSCALL msg=audit(1230841225.275:87): arch=c000003e syscall=1 success=yes exit=0 a0=9 a1=7f6f6c79b000 a2=50 a3=7f6f6c77d740 items=0 ppid=1 pid=2016 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null) Version-Release number of selected component (if applicable): selinux-policy-targeted-3.5.13-34.fc10.noarch selinux-policy-3.5.13-34.fc10.noarch knetworkmanager-0.7-0.7.20080926svn.fc10.x86_64