Bug 759261

Summary: Your system may be seriously compromised! iwconfig tried to load a kernel module.
Product: [Fedora] Fedora Reporter: maurizio <antillon.maurizio>
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 13CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:81b80dfbb52453c8efafd3d663453c671c1519265b5a14355ae41d4e4bf0e351
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-02 09:47:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description maurizio 2011-12-01 19:39:27 UTC 
Summary:

Your system may be seriously compromised! iwconfig tried to load a kernel
module.

Detailed Description:

SELinux has prevented iwconfig from loading a kernel module. All confined
programs that need to load kernel modules should have already had policy written
for them. If a compromised application tries to modify the kernel this AVC will
be generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:system_r:ifconfig_t:s0
Target Objects                None [ capability ]
Source                        iwconfig
Source Path                   iwconfig
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-101.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   sys_module
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.34.9-69.fc13.i686 #1 SMP Tue May 3 09:20:30
                              UTC 2011 i686 i686
Alert Count                   8
First Seen                    Thu 01 Dec 2011 12:31:34 PM MST
Last Seen                     Thu 01 Dec 2011 12:32:49 PM MST
Local ID                      b3c6e83b-d831-45c8-b17b-78fdfb96de2f
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1322767969.581:34): avc:  denied  { sys_module } for  pid=4070 comm="iwconfig" capability=16  scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability



Hash String generated from  sys_module,iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
audit2allow suggests:

#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;
Comment 1 Miroslav Grepl 2011-12-02 09:47:53 UTC 
F13 is no longer supported. Please update to a newer version of Fedora. Thank you.