Bug 413221 - SELinux is preventing /sbin/modprobe (insmod_t) "setsched" to (kernel_t).
SELinux is preventing /sbin/modprobe (insmod_t) "setsched" to (kernel_t).
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
i386 Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-05 19:26 EST by Greg Morse
Modified: 2007-12-06 10:19 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-06 10:19:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Greg Morse 2007-12-05 19:26:43 EST
Description of problem:trying to install and get wireless working.
get message in selinux trouble shooter.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
SELinux denied access requested by /sbin/modprobe. It is not expected that this
access is required by /sbin/modprobe and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.Allowing AccessYou can
generate a local policy module to allow this access - see FAQ Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report against this package.
Additional InformationSource
Context:  system_u:system_r:insmod_t:SystemLow-SystemHighTarget
Context:  system_u:system_r:kernel_tTarget Objects:  None [ process ]Affected
RPM Packages:  module-init-tools-3.3-0.pre11.1.0.fc7 [application]Policy
RPM:  selinux-policy-2.6.4-57.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  PermissivePlugin Name:  plugins.catchallHost
Name:  renegadePlatform:  Linux renegade 2.6.23.1-21.fc7 #1 SMP Thu Nov 1
21:09:24 EDT 2007 i686 i686Alert Count:  1First Seen:  Wed 05 Dec 2007 01:20:50
PM PSTLast Seen:  Wed 05 Dec 2007 01:20:50 PM PSTLocal
ID:  9ff4013a-8744-4b3e-9f21-12d641826bd1Line Numbers: 
 Raw Audit Messages :avc: denied { setsched } for comm="modprobe" egid=0 euid=0
exe="/sbin/modprobe" exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=2908
scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:insmod_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=system_u:system_r:kernel_t:s0 tty=tty7 uid=0
Comment 1 Daniel Walsh 2007-12-06 10:19:40 EST
This is strange since the selinux-policy-2.6.4-57.fc7
policy should have this allow rule.

This looks like something went wrong during the update and the policy latest
policy is not loaded.

Could you try to reinstall the latest selinux-policy-targeted package or just
execute

semodule -B /usr/share/selinux/targeted/base.pp

Should fix the problem.

Note You need to log in before you can comment on or make changes to this bug.