Red Hat Bugzilla – Bug 313971
couple of AVC denials breaking (among other things) NetworkManager
Last modified: 2007-11-30 17:12:17 EST
Description of problem:
NetworkManager ceased to work quite recently for me, and after a lot of
searching I tried to work my way through audit2allow and when applying three
policies I have created with it, everything works.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.restart computer with chkconfig NetworkManager set on "on".
2.messagebus is down, therefore couple of daemons doesn'Å§ work (messages like
Sep 29 17:15:52 viklef console-kit-daemon: WARNING: Couldn't connect to
system bus: Failed to connect to socket /var/run/dbus/system_bus_socket:
3.NetworkManager is not able to get IP address from the network
messagesbus is down, many daemons fail because of that, including NetworkManager
everything is OK, and I get free ice cream ;-)
Created attachment 212331 [details]
Created attachment 212341 [details]
/var/log/messages.1 with particular error messages about access denial to dbus socket
Created attachment 212351 [details]
New NM Selinux module
I think this is the module which made the trick
Created attachment 212361 [details]
Another selinux module I created as well
Just for the sake of completness I have created this module as well -- I have
no clue whether it is needed or actually whether it is good idea.
Created attachment 212371 [details]
and the last SELinux module I made
this is the last module I made
First off, for some reason your /root directory is labeled default_t.
restorecon -R -v /root
should fix this. All of your default_t messages are caused by this.
The hal messages are caused by a badly labeled pm-suspend.log. restorecon -R -v
Should fix this. And an updated version of pm-utils should be coming to fix
this forever. by placing the log file in /var/run/pm and /var/log/pm
dbus fixes will be in selinux-policy-2.6.4-46
I can fully confirm mislabeled /root (I have no idea, how that happened), but
restorecon -v -R /var didn't say anything about relabeling of pm-suspend.log.
I think this has been fixed in subsequent updates of selinux-policy.