Description of problem:

Apr 5 21:33:46 bona NetworkManager: <info> Policy set (eth1) as default device for routing and DNS.
Apr 5 21:33:46 bona NetworkManager: <info> Activation (eth1) successful, device activated.
Apr 5 21:33:46 bona NetworkManager: <info> Activation (eth1) Stage 5 of 5 (IP Configure Commit) complete.
Apr 5 21:33:46 bona kernel: type=1400 audit(1207452826.658:89): avc: denied { write } for pid=3533 comm="runlevel" name="utmp" dev=sda5 ino=8009 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file

Version-Release number of selected component (if applicable):

NetworkManager-0.7.0-0.9.1.svn3521.fc9.i386
selinux-policy-3.3.1-26.fc9.noarch

$ cat /sbin/runlevel
#!/bin/bash
( date; ps -ef; echo runlevel "$@"; ls --lcontext /var/run/utmp ) >/tmp/runlevel-ps-ef-$( date --iso=sec | tr T: .. )
/sbin/runlevel-orig "$@"

Running in permissive mode. Otherwise the /tmp/ file couldn't be created either.

root 2240 1 0 20:28 ? 00:00:00 NetworkManagerDispatcher --pid-file=/var/run/NetworkManager/NetworkManagerDispatcher.pid
root 2343 2240 0 20:28 ? 00:00:00 /bin/sh /etc/NetworkManager/dispatcher.d/05-netfs eth0 up
root 2347 2343 0 20:28 ? 00:00:00 /sbin/chkconfig netfs
root 2348 2347 0 20:28 ? 00:00:00 /bin/bash /sbin/runlevel
root 2349 2348 0 20:28 ? 00:00:00 /bin/bash /sbin/runlevel
root 2354 2349 0 20:28 ? 00:00:00 ps -ef

Clearly NMdispatcher is running 05-netfs which calls chkconfig netfs which calls runlevel, which gets the avc denial.
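
Added example, not part of the original report or of any tool named in it: a small parser for the kernel AVC line quoted in the description, which groups denials by source domain, target type and object class so the confined domain can be compared with the command that actually ran. The names parse_avc, split_context, group_denials and SAMPLE_LOG are hypothetical, and the third sample line is constructed.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(r"audit\(\d+\.\d+:(?P<serial>\d+)\):\s+avc:\s+(?P<result>denied|granted)"
                    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Lines 1-2 are copied from the report; line 3 is constructed (MLS range with ':').
SAMPLE_LOG = [
    "Apr 5 21:33:46 bona NetworkManager: <info> Activation (eth1) successful, device activated.",
    'Apr 5 21:33:46 bona kernel: type=1400 audit(1207452826.658:89): avc: denied { write } '
    'for pid=3533 comm="runlevel" name="utmp" dev=sda5 ino=8009 '
    "scontext=system_u:system_r:NetworkManager_t:s0 "
    "tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file",
    'Apr 5 21:33:47 bona kernel: type=1400 audit(1207452827.101:90): avc: denied { read } '
    'for pid=3533 comm="runlevel" name="utmp" dev=sda5 ino=8009 '
    "scontext=system_u:system_r:NetworkManager_t:s0-s0:c0.c1023 "
    "tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file",
]

def split_context(ctx):
    # user:role:type[:level]; the MLS level may itself contain ':'
    user, role, type_, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": level[0] if level else None}

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other (or truncated) line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"serial": int(m["serial"]), "result": m["result"], "perms": m["perms"].split()}
    rec.update((k, v.strip('"')) for k, v in KV_RE.findall(m["rest"]))
    try:
        rec["scontext"] = split_context(rec["scontext"])
        rec["tcontext"] = split_context(rec["tcontext"])
    except (KeyError, ValueError):
        return None
    return rec

def group_denials(lines):
    """Map (source type, target type, class) -> permissions and command names seen."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in filter(None, map(parse_avc, lines)):
        if rec["result"] == "denied":
            key = (rec["scontext"]["type"], rec["tcontext"]["type"], rec.get("tclass"))
            groups[key]["perms"].update(rec["perms"])
            groups[key]["comms"].add(rec.get("comm"))
    return dict(groups)
```

Calling group_denials(SAMPLE_LOG) yields a single group charged to NetworkManager_t with comm "runlevel", which is the same mismatch the process listing shows: runlevel ran as a descendant of NetworkManagerDispatcher and was confined by its domain.
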

Please update to the latest selinux policy.
Fixed in selinux-policy-3.3.1-30.fc9

Works in Rawhide-2008-04-09