Detailed Description: SELinux denied access requested by pppd. It is not expected that this access is required by pppd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Additional Information: Source Context system_u:system_r:pppd_t:s0 Target Context system_u:object_r:pppd_etc_t:s0 Target Objects ./resolv.conf [ file ] Source pppd Source Path /usr/sbin/pppd Port <Unknown> Host localhost.localdomain Source RPM Packages ppp-2.4.4-2 Target RPM Packages Policy RPM selinux-policy-3.0.8-109.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.25.6-27.fc8 #1 SMP Fri Jun 13 16:38:52 EDT 2008 i686 i686 Alert Count 36 First Seen Thu 08 May 2008 05:30:05 AM IST Last Seen Tue 01 Jul 2008 06:46:53 AM IST Local ID 5ab68b64-0aa9-49b8-9780-10d2fb630c5c Line Numbers Raw Audit Messages host=localhost.localdomain type=AVC msg=audit(1214875013.86:86): avc: denied { write } for pid=9990 comm="pppd" name="resolv.conf" dev=sda5 ino=5076058 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:pppd_etc_t:s0 tclass=file host=localhost.localdomain type=SYSCALL msg=audit(1214875013.86:86): arch=40000003 syscall=5 success=no exit=-13 a0=b7f90806 a1=241 a2=1b6 a3=b9b96390 items=0 ppid=1702 pid=9990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pppd" exe="/usr/sbin/pppd" subj=system_u:system_r:pppd_t:s0 key=(null)
Somehow /etc/resolv.conf got the wrong label on it. restorecon -R -v /etc/resolv.conf will fix. Any idea how this file got created? If you fix the file context does it get messed up again later?