Description of problem:
We are attempting to use snmp to track our mail queues. Since the latest update, SELinux has prevented this, giving the error below.

[root@]# sealert -l 4ffeda18-6826-4644-8a33-d06308dc858d

Summary:

SELinux is preventing ifconfig (ifconfig_t) "read write" to socket (initrc_t).

Detailed Description:

SELinux denied access requested by ifconfig. It is not expected that this access is required by ifconfig and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:ifconfig_t
Target Context                system_u:system_r:initrc_t
Target Objects                socket [ tcp_socket ]
Source                        ifconfig
Source Path                   /sbin/ifconfig
Port                          <Unknown>
Host                          machine_name
Source RPM Packages           net-tools-1.60-78.el5
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     machine_name
Platform                      Linux machine_name 2.6.18-128.el5PAE #1 SMP Wed Dec 17 12:02:33 EST 2008 i686 i686
Alert Count                   2141
First Seen                    Thu Feb 12 05:48:20 2009
Last Seen                     Mon Feb 16 22:24:16 2009
Local ID                      4ffeda18-6826-4644-8a33-d06308dc858d
Line Numbers

Raw Audit Messages

host=kil-sm-1.UCIS.Dal.Ca type=AVC msg=audit(1234837456.319:51665): avc: denied { read write } for pid=12961 comm="ifconfig" path="socket:[14424084]" dev=sockfs ino=14424084 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket

host=kil-sm-1.UCIS.Dal.Ca type=SYSCALL msg=audit(1234837456.319:51665): arch=40000003 syscall=11 success=yes exit=0 a0=807bf90 a1=8147f10 a2=8071b58 a3=805e008 items=0 ppid=12959 pid=12961 auid=4294967295 uid=9242 gid=9242 euid=9242 suid=9242 fsuid=9242 egid=9242 sgid=9242 fsgid=9242 tty=(none) ses=4294967295 comm="ifconfig" exe="/sbin/ifconfig" subj=system_u:system_r:ifconfig_t:s0 key=(null)

The reason for the high severity is that we are having desperate issues with our entire mail system, incoming/outgoing and imap. These monitoring routines are crucial for the ongoing analysis.

Thanks,
-- Donnie

It seems that this isn't a bug in net-tools but in a program which executes ifconfig. It looks like the program leaks a file descriptor. Can you describe how you use ifconfig? Also look at bug #428553; it is similar to this bug. Anyway, if you can, try to use iproute instead of net-tools; it's better these days.
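
An added triage example (not part of the report or of any project's code): it pairs each AVC denial with the SYSCALL record of the same audit event and flags the leaked-descriptor pattern discussed above, i.e. a denial on an anonymous socket or pipe, raised during execve, where the object belongs to a different domain than the new process. The sample records are the two quoted in the report, trimmed; the execve table is an assumption limited to the i386 and x86_64 arch values.

```python
import re

# The two raw audit records from the report above, trimmed to the fields used here.
SAMPLE = '''\
type=AVC msg=audit(1234837456.319:51665): avc: denied { read write } for pid=12961 comm="ifconfig" path="socket:[14424084]" dev=sockfs ino=14424084 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1234837456.319:51665): arch=40000003 syscall=11 success=yes exit=0 ppid=12959 pid=12961 comm="ifconfig" exe="/sbin/ifconfig" subj=system_u:system_r:ifconfig_t:s0
'''

# execve syscall number per audit arch value (only i386 and x86_64 are covered).
EXECVE = {"40000003": "11", "c000003e": "59"}

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(log):
    """Group records by audit event id: {event_id: {record_type: fields}}."""
    events = {}
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        events.setdefault(m.group(2), {})[m.group(1)] = fields
    return events


def domain(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def leaked_fd_suspects(log):
    """Yield AVC denials that look like a descriptor inherited across execve."""
    for event_id, recs in parse(log).items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc:
            continue
        # The denial was raised while the new program was being exec'd.
        at_exec = EXECVE.get(sc.get("arch"), "?") == sc.get("syscall")
        # The object is an anonymous socket or pipe, not a file on disk.
        anon = avc.get("path", "").startswith(("socket:[", "pipe:["))
        src, tgt = domain(avc["scontext"]), domain(avc["tcontext"])
        if at_exec and anon and src != tgt:
            yield {"event": event_id, "exe": sc.get("exe"), "owner": tgt,
                   "inherited_by": src, "object": avc["path"], "class": avc["tclass"]}
```

A hit names the domain that owns the descriptor (`owner`), which is where to look for the program that opened the socket without close-on-exec before running the flagged executable.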