From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.9) Gecko/20071105 Fedora/2.0.0.9-1.fc8 Firefox/2.0.0.9 Description of problem: Summary SELinux is preventing kismet_server (kismet_t) "net_admin" to <Unknown> (kismet_t). Detailed Description SELinux denied access requested by kismet_server. It is not expected that this access is required by kismet_server and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:kismet_t:s0 Target Context system_u:system_r:kismet_t:s0 Target Objects None [ capability ] Affected RPM Packages Policy RPM selinux-policy-3.0.8-56.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall Host Name israfel Platform Linux israfel 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686 Alert Count 2 First Seen Sat 24 Nov 2007 03:58:11 AM EET Last Seen Sat 24 Nov 2007 04:04:59 AM EET Local ID e2f6515d-a388-4f15-9225-03802a4e913d Line Numbers Raw Audit Messages avc: denied { net_admin } for comm=kismet_server pid=4966 scontext=system_u:system_r:kismet_t:s0 tclass=capability tcontext=system_u:system_r:kismet_t:s0 Version-Release number of selected component (if applicable): kismet-0.0.2007.10.R1-0.fc8; selinux-policy-3.0.8-56.fc8 How reproducible: Always Steps to Reproduce: 1. Install kismet (yum install kismet kismet-extras) 2. Edit /etc/kismet/kismet.conf and put user and source 3. Open a terminal. Go "su -". Run "kismet" Actual Results: setroubleshoot pops up with the denied message Expected Results: Have kismet run. Additional info:
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-62.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.