Zusammenfassung: SELinux is preventing /sbin/dhclient "getcap" access. Detaillierte Beschreibung: SELinux denied access requested by dhclient. It is not expected that this access is required by dhclient and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext unconfined_u:system_r:dhcpc_t:s0 Zielkontext unconfined_u:system_r:dhcpc_t:s0 Zielobjekte None [ process ] Quelle dhclient Quellen-Pfad /sbin/dhclient Port <Unbekannt> Host (removed) Quellen-RPM-Pakete dhclient-4.1.0p1-11.fc12 Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.6.32-24.fc12 SELinux aktiviert True Richtlinienversion targeted MLS aktiviert True Enforcing-Modus Enforcing Plugin-Name catchall Hostname (removed) Plattform Linux (removed) 2.6.31.1-56.fc12.x86_64 #1 SMP Tue Sep 29 16:16:22 EDT 2009 x86_64 x86_64 Anzahl der Alarme 3 Zuerst gesehen Mo 12 Okt 2009 06:28:49 CEST Zuletzt gesehen Mo 12 Okt 2009 02:37:07 CEST Lokale ID 28c67916-e4be-469f-ba84-828bd5401639 Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1255307827.229:29787): avc: denied { getcap } for pid=6175 comm="dhclient" scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:system_r:dhcpc_t:s0 tclass=process node=(removed) type=SYSCALL msg=audit(1255307827.229:29787): arch=c000003e syscall=125 success=no exit=-13 a0=7f7ebbbe26f4 a1=7f7ebbbe26fc a2=1 a3=7fff62964f70 items=0 ppid=6118 pid=6175 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0 key=(null) Hash String generated from selinux-policy-3.6.32-24.fc12,catchall,dhclient,dhcpc_t,dhcpc_t,process,getcap audit2allow suggests: #============= dhcpc_t ============== allow dhcpc_t self:process getcap;
Looks like this should be in this policy. Could you make sure your policy successfully installed. yum reinstall selinux-policy-targeted Make sure nothing breaks on the install.
*** Bug 528399 has been marked as a duplicate of this bug. ***
Ok, after reinstalling the policy and relabeling everything, the alert is not shown anymore.