Bug 413221 - SELinux is preventing /sbin/modprobe (insmod_t) "setsched" to (kernel_t).
Summary: SELinux is preventing /sbin/modprobe (insmod_t) "setsched" to (kernel_t).
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: i386
OS: Linux
low
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-12-06 00:26 UTC by Greg Morse
Modified: 2007-12-06 15:19 UTC (History)
0 users

Fixed In Version: Current
Clone Of:
Environment:
Last Closed: 2007-12-06 15:19:40 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Greg Morse 2007-12-06 00:26:43 UTC
Description of problem:trying to install and get wireless working.
get message in selinux trouble shooter.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
SELinux denied access requested by /sbin/modprobe. It is not expected that this
access is required by /sbin/modprobe and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.Allowing AccessYou can
generate a local policy module to allow this access - see FAQ Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report against this package.
Additional InformationSource
Context:  system_u:system_r:insmod_t:SystemLow-SystemHighTarget
Context:  system_u:system_r:kernel_tTarget Objects:  None [ process ]Affected
RPM Packages:  module-init-tools-3.3-0.pre11.1.0.fc7 [application]Policy
RPM:  selinux-policy-2.6.4-57.fc7Selinux Enabled:  TruePolicy Type:  targetedMLS
Enabled:  TrueEnforcing Mode:  PermissivePlugin Name:  plugins.catchallHost
Name:  renegadePlatform:  Linux renegade 2.6.23.1-21.fc7 #1 SMP Thu Nov 1
21:09:24 EDT 2007 i686 i686Alert Count:  1First Seen:  Wed 05 Dec 2007 01:20:50
PM PSTLast Seen:  Wed 05 Dec 2007 01:20:50 PM PSTLocal
ID:  9ff4013a-8744-4b3e-9f21-12d641826bd1Line Numbers: 
 Raw Audit Messages :avc: denied { setsched } for comm="modprobe" egid=0 euid=0
exe="/sbin/modprobe" exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=2908
scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:insmod_t:s0-s0:c0.c1023 suid=0 tclass=process
tcontext=system_u:system_r:kernel_t:s0 tty=tty7 uid=0

Comment 1 Daniel Walsh 2007-12-06 15:19:40 UTC
This is strange since the selinux-policy-2.6.4-57.fc7
policy should have this allow rule.

This looks like something went wrong during the update and the policy latest
policy is not loaded.

Could you try to reinstall the latest selinux-policy-targeted package or just
execute

semodule -B /usr/share/selinux/targeted/base.pp

Should fix the problem.


Note You need to log in before you can comment on or make changes to this bug.