This is uptodate F9: Summary: SELinux is preventing kismet_server (kismet_t) "create" to <Unknown> (kismet_t). Detailed Description: SELinux denied access requested by kismet_server. It is not expected that this access is required by kismet_server and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 Target Objects None [ packet_socket ] Source kismet_server Source Path /usr/bin/kismet_server Port <Unknown> Host localhost.localdomain Source RPM Packages kismet-0.0.2007.10.R1-3.fc9 Target RPM Packages Policy RPM selinux-policy-3.3.1-51.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25.3-18.fc9.i686 #1 SMP Tue May 13 05:38:53 EDT 2008 i686 i686 Alert Count 2 First Seen Pi 23. måj 2008, 08:00:26 CEST Last Seen Pi 23. måj 2008, 08:00:26 CEST Local ID f62503bb-8c8b-4185-b7f5-26548e12d193 Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1211522426.465:18): avc: denied { create } for pid=2859 comm="kismet_server" scontext=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 tclass=packet_socket host=localhost.localdomain type=SYSCALL msg=audit(1211522426.465:18): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bff447f0 a2=62d8f0 a3=810a240 items=0 ppid=2858 pid=2859 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="kismet_server" exe="/usr/bin/kismet_server" subj=unconfined_u:unconfined_r:kismet_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-3.3.1-72.fc9.noarch
Created attachment 312168 [details] selinux_alert
I'm seeing a similar problem with selinux-policy-3.3.1-78.fc9.noarch. SELinux is preventing kismet_server (kismet_t) "net_raw" to <Unknown> (kismet_t). Fresh install of kismet on a fully updated F9 laptop. Changed the source line in /etc/kismet/kismet.conf to "source=iwl4965,wlan0,wlan0" and then: $ sudo kismet Launching kismet_server: /usr/bin/kismet_server Will drop privs to kismet (491) gid 485 No specific sources given to be enabled, all will be enabled. Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng) Enabling channel hopping. Enabling channel splitting. NOTICE: Disabling channel hopping, no enabled sources are able to change channel. Source 0 (wlan0): Enabling monitor mode for iwl4965 source interface wlan0 channel 6... Source 0 (wlan0): Opening iwl4965 source interface wlan0... FATAL: socket: Operation not permitted Done. selinux_alert message attached.
You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.3.1-80.fc9.noarch
*** This bug has been marked as a duplicate of bug 459324 ***