Description of problem: SELinux is preventing /usr/sbin/ifconfig from 'read' accesses on the file unix. ***** Plugin catchall (100. confidence) suggests *************************** If sie denken, dass es ifconfig standardmässig erlaubt sein sollte, read Zugriff auf unix file zu erhalten. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do zugriff jetzt erlauben, indem Sie die nachfolgenden Befehle ausführen: # grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:passenger_t:s0 Target Context system_u:object_r:proc_net_t:s0 Target Objects unix [ file ] Source ifconfig Source Path /usr/sbin/ifconfig Port <Unbekannt> Host (removed) Source RPM Packages net-tools-2.0-0.6.20130109git.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-73.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.10.10-200.fc19.x86_64 #1 SMP Thu Aug 29 19:05:45 UTC 2013 x86_64 x86_64 Alert Count 3 First Seen 2013-09-04 16:31:41 CEST Last Seen 2013-09-08 04:01:07 CEST Local ID d26e0611-c568-4692-a441-d8b135b50ca4 Raw Audit Messages type=AVC msg=audit(1378605667.575:9196): avc: denied { read } for pid=19717 comm="ifconfig" name="unix" dev="proc" ino=4026532002 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=SYSCALL msg=audit(1378605667.575:9196): arch=x86_64 syscall=access success=yes exit=0 a0=7f4a5d03b56b a1=4 a2=7530 a3=a items=0 ppid=19716 pid=19717 auid=4294967295 uid=52 gid=52 euid=52 suid=52 fsuid=52 egid=52 sgid=52 fsgid=52 ses=4294967295 tty=(none) comm=ifconfig exe=/usr/sbin/ifconfig subj=system_u:system_r:passenger_t:s0 key=(null) Hash: ifconfig,passenger_t,proc_net_t,file,read Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.10-200.fc19.x86_64 type: libreport
*** Bug 1007260 has been marked as a duplicate of this bug. ***
*** Bug 1007259 has been marked as a duplicate of this bug. ***
commit c90ec833acfff613797bf8f64a2856d094280e5b Author: Miroslav Grepl <mgrepl> Date: Thu Sep 12 11:25:12 2013 +0200 Allow passenger to execute ifconfig
selinux-policy-3.12.1-74.4.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-74.4.fc19
Package selinux-policy-3.12.1-74.4.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-74.4.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-17007/selinux-policy-3.12.1-74.4.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-74.4.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.