Red Hat Bugzilla – Bug 438645
SELinux is preventing iwconfig (ifconfig_t) "search" to ./keys (debugfs_t).
Last modified: 2008-03-25 01:47:51 EDT
Description of problem: Souhrn: SELinux is preventing iwconfig (ifconfig_t) "search" to ./keys (debugfs_t). Podrobný popis: SELinux denied access requested by iwconfig. It is not expected that this access is required by iwconfig and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Povolení přístupu: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./keys, restorecon -v './keys' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Další informace: Kontext zdroje system_u:system_r:ifconfig_t:SystemLow-SystemHigh Kontext cíle system_u:object_r:debugfs_t Objekty cíle ./keys [ dir ] Zdroj iwconfig Cesta zdroje /sbin/iwconfig Port <Neznámé> Počítač viklef.ceplovi.cz RPM balíčky zdroje wireless-tools-29-0.2.pre22.fc8 RPM balíčky cíle RPM politiky selinux-policy-3.0.8-95.fc8 Selinux povolen True Typ politiky targeted MLS povoleno True Vynucovací režim Enforcing Název zásuvného modulu catchall_file Název počítače viklef.ceplovi.cz Platforma Linux viklef.ceplovi.cz 2.6.24.3-50.fc8 #1 SMP Thu Mar 20 14:47:10 EDT 2008 i686 i686 Počet uporoznění 6 Poprvé viděno Ne 23. březen 2008, 09:37:14 CET Naposledy viděno Ne 23. březen 2008, 17:18:41 CET Místní ID 285735c5-5b13-4989-835e-988c61108e29 Čísla řádků Původní zprávy auditu host=viklef.ceplovi.cz type=AVC msg=audit(1206289121.945:104): avc: denied { search } for pid=31510 comm="iwconfig" name="keys" dev=debugfs ino=1392693 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=dir host=viklef.ceplovi.cz type=AVC msg=audit(1206289121.945:104): avc: denied { search } for pid=31510 comm="iwconfig" name="netdev:wlan0" dev=debugfs ino=1392730 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=dir host=viklef.ceplovi.cz type=SYSCALL msg=audit(1206289121.945:104): arch=40000003 syscall=54 success=yes exit=0 a0=3 a1=8b2a a2=bfb98788 a3=bfb988c0 items=0 ppid=31358 pid=31510 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="iwconfig" exe="/sbin/iwconfig" subj=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 key=(null) Version-Release number of selected component (if applicable): wireless-tools-29-0.2.pre22.fc8 selinux-policy-targeted-3.0.8-95.fc8 Additional info: This happens to me on resume from suspended notebook. Actually, I don't know what ./keys is (I haven't found anything which looks reasonably similar on the hard disk; ls -lZ /etc/sysconfig/network-scripts/keys-wlan0 has labels system_u:object_r:etc_t.
Fixed in selinux-policy-3.3.24.fc9