Description of problem: on boot, after relabel (permissive mode was then required to make network work) See also teaming driver SELinux is preventing NetworkManager from 'create' accesses on the netlink_generic_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If vous pensez que NetworkManager devrait être autorisé à accéder create sur Unknown netlink_generic_socket par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:system_r:NetworkManager_t:s0 Target Objects Unknown [ netlink_generic_socket ] Source NetworkManager Source Path NetworkManager Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-146.fc24.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.2.0-1.fc24.x86_64 #1 SMP Mon Aug 31 15:58:25 UTC 2015 x86_64 x86_64 Alert Count 47 First Seen 2015-09-02 08:50:28 CEST Last Seen 2015-09-02 09:02:23 CEST Local ID b77fa810-56a9-44a2-9659-1e3357857bb4 Raw Audit Messages type=AVC msg=audit(1441177343.657:1103): avc: denied { create } for pid=4412 comm="teamd" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=netlink_generic_socket permissive=1 Hash: NetworkManager,NetworkManager_t,NetworkManager_t,netlink_generic_socket,create Version-Release number of selected component: selinux-policy-3.13.1-146.fc24.noarch Additional info: reporter: libreport-2.6.2 hashmarkername: setroubleshoot kernel: 4.2.0-1.fc24.x86_64 type: libreport
*** Bug 1259181 has been marked as a duplicate of this bug. ***
*** Bug 1259183 has been marked as a duplicate of this bug. ***
*** Bug 1259184 has been marked as a duplicate of this bug. ***
https://github.com/fedora-selinux/selinux-policy commit 724896379c28e4b0f76a715baccc7c1d5318a04b Author: Miroslav Grepl <mgrepl> Date: Fri Sep 11 11:54:10 2015 +0200 Allow teamd running as NetworkManager_t to access netlink_generic_socket to allow multiple network interfaces to be teamed together. BZ(#1259180)
*** Bug 1259932 has been marked as a duplicate of this bug. ***
*** Bug 1260010 has been marked as a duplicate of this bug. ***
*** Bug 1260437 has been marked as a duplicate of this bug. ***