Bug 645566
| Summary: | Selinux prevents network from starting. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jay Fenlason <fenlason> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | dwalsh, jfeeney, john.ellson, mgrepl, vonbrand |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-10-22 13:44:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Me too, but strangely only on i686 rawhide and not x86_64, both with selinux-policy-3.9.7-4 and dhclient-4.2.0-15 Let's clean up some of these AVC messages. Not sure why but '/etc/dhcp/dhclient.d/nis.sh' is mislabeled. # matchpathcon /etc/dhcp/dhclient.d/nis.sh /etc/dhcp/dhclient.d/nis.sh system_u:object_r:bin_t:s0 So execute # restorecon -R -v /etc/dhcp/dhclient.d/ Then could you try to re-test it and make sure that the label is not changed using # ls -lZ /etc/dhcp/dhclient.d/ Thanks. Fixed in selinux-policy-3.9.7-5.fc15 *** Bug 645969 has been marked as a duplicate of this bug. *** |
Description of problem: After I upgraded -lab4 to the latest rawhide and rebooted into the newest kernel, the network failed to come up, leaving me unable to log in to the box. Rebooting with selinux=0 let the network come up so I could log in Version-Release number of selected component (if applicable): selinux-policy-3.9.7-4.fc15.noarch How reproducible: Always Steps to Reproduce: 1.Upgrade to latest rawhide 2.reboot 3.Try to ssh in. Actual results: No network Expected results: Working network. Additional info: When I booted with enforcing=0, I found the following in /var/log/messages: Oct 21 16:23:10 fenlason-lab4 kernel: [ 32.312530] type=1400 audit(1287692585.834:4): avc: denied { search } for pid=1126 comm="dhclient" name="pki" dev=sda2 ino=1632045 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir Oct 21 16:23:10 fenlason-lab4 kernel: [ 32.343260] type=1400 audit(1287692585.865:5): avc: denied { read } for pid=1126 comm="dhclient" name="openssl.cnf" dev=sda2 ino=1632289 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file Oct 21 16:23:10 fenlason-lab4 kernel: [ 32.352126] type=1400 audit(1287692585.874:6): avc: denied { open } for pid=1126 comm="dhclient" name="openssl.cnf" dev=sda2 ino=1632289 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file Oct 21 16:23:10 fenlason-lab4 kernel: [ 32.361950] type=1400 audit(1287692585.883:7): avc: denied { getattr } for pid=1126 comm="dhclient" path="/etc/pki/tls/openssl.cnf" dev=sda2 ino=1632289 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file Oct 21 16:23:10 fenlason-lab4 kernel: [ 34.160592] type=1400 audit(1287692587.682:8): avc: denied { getattr } for pid=1149 comm="dhclient-script" path="/etc/dhcp/dhclient.d/nis.sh" dev=sda2 ino=2156895 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file Oct 21 16:23:10 fenlason-lab4 kernel: [ 34.171083] type=1400 audit(1287692587.693:9): avc: denied { read } for pid=1149 comm="dhclient-script" name="nis.sh" dev=sda2 ino=2156895 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file Oct 21 16:23:10 fenlason-lab4 kernel: [ 34.181720] type=1400 audit(1287692587.703:10): avc: denied { open } for pid=1149 comm="dhclient-script" name="nis.sh" dev=sda2 ino=2156895 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file