The following was filed automatically by setroubleshoot: Summary: SELinux is preventing 10-dhclient (devicekit_power_t) "search" to network-scripts (net_conf_t). Detailed Description: SELinux denied access requested by 10-dhclient. The current boolean settings do not allow this access. If you have not setup 10-dhclient to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access. Allowing Access: Confined processes can be configured to to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_ypbind is set incorrectly. Boolean Description: Allow system to run with NIS Fix Command: # setsebool -P allow_ypbind 1 Additional Information: Source Context system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 Target Context system_u:object_r:net_conf_t:s0 Target Objects network-scripts [ dir ] Source 10-dhclient Source Path /bin/bash Port <Unknown> Host (removed) Source RPM Packages bash-4.0.28-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.26-8.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_boolean Host Name (removed) Platform Linux (removed) 2.6.31-0.125.4.2.rc5.git2.fc12.x86_64 #1 SMP Tue Aug 11 21:00:45 EDT 2009 x86_64 x86_64 Alert Count 2 First Seen Thu 20 Aug 2009 11:43:58 EST Last Seen Thu 20 Aug 2009 11:44:13 EST Local ID 611a0e0b-50d4-425e-87cc-f0431203d498 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1250732653.379:31): avc: denied { search } for pid=1693 comm="10-dhclient" name="network-scripts" dev=dm-5 ino=81441 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1250732653.379:31): arch=c000003e syscall=4 success=no exit=-2 a0=e888e0 a1=7fff17c7b340 a2=7fff17c7b340 a3=8 items=0 ppid=1484 pid=1693 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="10-dhclient" exe="/bin/bash" subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null) audit2allow suggests: #============= devicekit_power_t ============== allow devicekit_power_t net_conf_t:dir search;
Fixed in selinux-policy-3.6.28-3.fc12.noarch