Description of problem: SELinux is preventing NetworkManager (NetworkManager_t) "sys_admin" to <Unknown> (NetworkManager_t). This happens every time I plug in the ethernet cable and it connects to it (also when it first connects on a start). Version-Release number of selected component (if applicable): selinux-policy-2.4.6-158.el5 NetworkManager-0.7.0-0.11.svn4082.el5 dbus-1.1.2-10.el5 How reproducible: Always Steps to Reproduce: 1. Start NetworkManager 2. If not already connected, plug in a network cable. 3. If not already enabled, enable "Auto Ethernet". Actual results: aforementioned selunix denial Expected results: No denial Additional info: Raw Audit Messages :host=dhcp-100-2-166.bos.redhat.com type=AVC msg=audit(1222712955.594:398): avc: denied { sys_admin } for pid=4330 comm="NetworkManager" capability=21 scontext=user_u:system_r:NetworkManager_t:s0 tcontext=user_u:system_r:NetworkManager_t:s0 tclass=capability host=dhcp-100-2-166.bos.redhat.com type=SYSCALL msg=audit(1222712955.594:398): arch=40000003 syscall=74 success=no exit=-1 a0=80aecba a1=15 a2=0 a3=bff843c8 items=0 ppid=1 pid=4330 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=user_u:system_r:NetworkManager_t:s0 key=(null)
Possibly related; less clearly so (can't tell what's causing it): host=dhcp-100-2-166.bos.redhat.com type=AVC msg=audit(1222710360.1:307): avc: denied { sys_admin } for pid=3386 comm="NetworkManager" capability=21 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=capability host=dhcp-100-2-166.bos.redhat.com type=SYSCALL msg=audit(1222710360.1:307): arch=40000003 syscall=74 success=no exit=-1 a0=80aecba a1=15 a2=0 a3=bfab2a58 items=0 ppid=1 pid=3386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null) and host=dhcp-100-2-166.bos.redhat.com type=AVC msg=audit(1222457473.789:37): avc: denied { sys_admin } for pid=3964 comm="NetworkManager" capability=21 scontext=root:system_r:NetworkManager_t:s0 tcontext=root:system_r:NetworkManager_t:s0 tclass=capability host=dhcp-100-2-166.bos.redhat.com type=SYSCALL msg=audit(1222457473.789:37): arch=40000003 syscall=74 success=no exit=-1 a0=80aecba a1=15 a2=0 a3=bfd9c208 items=0 ppid=1 pid=3964 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=root:system_r:NetworkManager_t:s0 key=(null)
I have been told that this is the wrong version of Network Manager, the one that will ship will not be setting the hostname and will not need this priv.
Yeah, svn4088 or later turns off hostname updates. 4088 is what's attached to the errata, apparently it's not getting pulled into the composes.