Summary:

SELinux is preventing /usr/sbin/snort-plain "module_request" access.

Detailed Description:

SELinux denied access requested by snort. It is not expected that this access is required by snort and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:snort_t:s0
Target Context                system_u:system_r:kernel_t:s0
Target Objects                None [ system ]
Source                        snort
Source Path                   /usr/sbin/snort-plain
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           snort-2.8.5.1-1.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-55.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.6-162.fc12.x86_64 #1 SMP Fri Dec 4 00:06:26 EST 2009 x86_64 x86_64
Alert Count                   10
First Seen                    Sunday, 6 December 2009, 04:13:38
Last Seen                     Wednesday, 9 December 2009, 00:01:33
Local ID                      2b4167f4-685e-4fc8-944e-15d2b167de30
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1260288093.78:23): avc: denied { module_request } for pid=1664 comm="snort" scontext=system_u:system_r:snort_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

node=(removed) type=SYSCALL msg=audit(1260288093.78:23): arch=c000003e syscall=41 success=no exit=-97 a0=1f a1=3 a2=1 a3=0 items=0 ppid=1663 pid=1664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="snort" exe="/usr/sbin/snort-plain" subj=system_u:system_r:snort_t:s0 key=(null)

Hash String generated from selinux-policy-3.6.32-55.fc12,catchall,snort,snort_t,kernel_t,system,module_request

audit2allow suggests:

#============= snort_t ==============
allow snort_t kernel_t:system module_request;
Did you disable ipv6?
No, ipv6 is enabled.
You can add these rules for now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.32-65.fc12.noarch
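Added example, not part of the original bug comments and not audit2allow's own code: `grep avc` feeds every denial in the audit log into the local module, so this sketch parses AVC records and renders allow rules only for one source domain, which lets you review exactly what a module scoped to snort_t would contain. The function names are hypothetical, and the second log line (example_t) is constructed to stand in for an unrelated denial.

```python
import re
from collections import defaultdict

# Sample input: the AVC record from this report, plus one constructed,
# unrelated denial that a blanket "grep avc" would also pick up.
SAMPLE_AUDIT_LOG = '''\
node=(removed) type=AVC msg=audit(1260288093.78:23): avc: denied { module_request } for pid=1664 comm="snort" scontext=system_u:system_r:snort_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=AVC msg=audit(1260288100.10:31): avc: denied { read write } for pid=2001 comm="exampled" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(':')[2]

def collect_denials(log_text, source_type=None):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        src = selinux_type(m.group('scon'))
        if source_type and src != source_type:
            continue  # leave denials from other domains out of the module
        key = (src, selinux_type(m.group('tcon')), m.group('tclass'))
        denials[key].update(m.group('perms').split())
    return denials

def to_allow_rules(denials):
    """Render collected denials as type-enforcement allow rules."""
    rules = []
    for (src, tgt, tclass), perms in sorted(denials.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f'allow {src} {tgt}:{tclass} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(to_allow_rules(collect_denials(SAMPLE_AUDIT_LOG, 'snort_t'))))
```

Filtered to snort_t, the output is the single rule audit2allow suggested in the report; without the filter, the constructed example_t denial would be allowed by the same module.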
selinux-policy-3.6.32-66.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-66.fc12
selinux-policy-3.6.32-66.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0184
selinux-policy-3.6.32-66.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
Thank you, Daniel Walsh, the problem was fixed by updating selinux-policy to selinux-policy-3.6.32-66.fc12. But some new problems have appeared related to the VMware virtual network interface. I will report them later on.