Description of problem:
SELinux is preventing NetworkManager from 'write' accesses on the directory /sys.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that NetworkManager should be allowed write access on the sys directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:sysfs_t:s0
Target Objects                /sys [ dir ]
Source                        NetworkManager
Source Path                   NetworkManager
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages           filesystem-3.2-32.fc22.x86_64
Policy RPM                    selinux-policy-3.13.1-128.2.fc22.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.0.5-300.fc22.x86_64+debug #1 SMP Mon Jun 8 15:56:57 UTC 2015 x86_64 x86_64
Alert Count                   8
First Seen                    2015-06-21 10:37:26 YEKT
Last Seen                     2015-06-21 10:37:34 YEKT
Local ID                      cfdecad3-2564-4030-ae16-26245074c966

Raw Audit Messages
type=AVC msg=audit(1434865054.356:487): avc: denied { write } for pid=844 comm="NetworkManager" name="/" dev="sysfs" ino=1 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0

Hash: NetworkManager,NetworkManager_t,sysfs_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64+debug
type:           libreport

Description of problem:
some update today caused this (jun. 22 2015)

Version-Release number of selected component:
selinux-policy-3.13.1-128.1.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.5-300.fc22.x86_64
type:           libreport

commit 381d9fbe12943bc86c9220358ff1bf9a92ee608e
Author: Lukas Vrabec <lvrabec>
Date:   Tue Jun 23 16:55:11 2015 +0200

    Allow NetworkManager write to sysfs.
    BZ(1234086)

What does

$ sesearch -A -s NetworkManager_t -t sysfs_t -c dir -p audit_access

on your system?

$ sesearch -A -s NetworkManager_t -t sysfs_t -c dir -p audit_access
Found 1 semantic av rules:
   allow NetworkManager_t sysfs_t : dir { ioctl read getattr lock search open audit_access } ;

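Added example, not part of the original thread and not the project's own tooling: a small script that compares the denied permission in the AVC record above with the allow rule that sesearch returned, and prints only the rule that is missing. The function names are hypothetical, the two input strings are copied from this thread, and the comparison assumes the rule names the types directly (no attribute expansion).

```python
import re

# Sample input taken from this thread: the AVC denial and the sesearch result.
AVC = ('type=AVC msg=audit(1434865054.356:487): avc: denied { write } for pid=844 '
       'comm="NetworkManager" name="/" dev="sysfs" ino=1 '
       'scontext=system_u:system_r:NetworkManager_t:s0 '
       'tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0')
RULE = ('allow NetworkManager_t sysfs_t : dir '
        '{ ioctl read getattr lock search open audit_access } ;')


def parse_avc(line):
    """Return (source_type, target_type, class, denied_perms) for an AVC denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        raise ValueError('not an AVC denial: %r' % line)
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    # A context is user:role:type:level, so the type is the third field.
    stype = fields['scontext'].split(':')[2]
    ttype = fields['tcontext'].split(':')[2]
    return stype, ttype, fields['tclass'], set(m.group(1).split())


def parse_allow(rule):
    """Return (source_type, target_type, class, perms) for one allow rule."""
    m = re.match(r'\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*'
                 r'(?:\{([^}]*)\}|(\w+))\s*;', rule)
    if not m:
        raise ValueError('not an allow rule: %r' % rule)
    return m.group(1), m.group(2), m.group(3), set((m.group(4) or m.group(5)).split())


def missing_rule(avc, rules):
    """Return the allow rule covering only the permissions the policy lacks, or None."""
    stype, ttype, tclass, denied = parse_avc(avc)
    granted = set()
    for rule in rules:
        s, t, c, perms = parse_allow(rule)
        if (s, t, c) == (stype, ttype, tclass):
            granted |= perms
    gap = sorted(denied - granted)
    if not gap:
        return None
    return 'allow %s %s:%s { %s };' % (stype, ttype, tclass, ' '.join(gap))


if __name__ == '__main__':
    print(missing_rule(AVC, [RULE]))
```

Reviewing the single missing rule this way keeps a local module narrower than piping every NetworkManager line from audit.log into audit2allow.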
Description of problem:
systemctl restart NetworkManager

Version-Release number of selected component:
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.4-303.fc22.x86_64
type:           libreport

selinux-policy-3.13.1-128.4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-128.4.fc22
Package selinux-policy-3.13.1-128.4.fc22:
* should fix your issue,
* was pushed to the Fedora 22 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-128.4.fc22'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-10974/selinux-policy-3.13.1-128.4.fc22
then log in and leave karma (feedback).

Description of problem:
I stopped NetworkManager, brought lo device down and up manually, and then started NM again. I received this warning immediately afterwards.

Version-Release number of selected component:
selinux-policy-3.13.1-128.2.fc22.noarch

Additional info:
reporter:       libreport-2.6.0
hashmarkername: setroubleshoot
kernel:         4.0.6-300.fc22.x86_64
type:           libreport

Update selinux-policy package. Thank you.
selinux-policy-3.13.1-128.4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.