Summary:

SELinux is preventing /sbin/ifconfig "read" access on /var/lib/squeezeboxserver/cache/InstalledPlugins/Plugins/SrvrPowerCtrl/Plugin.pm.

Detailed Description:

[ifconfig has a permissive type (ifconfig_t). This access was not denied.]

SELinux denied access requested by ifconfig. It is not expected that this access is required by ifconfig and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                unconfined_u:system_r:ifconfig_t:s0
Target Context                unconfined_u:object_r:mysqld_db_t:s0
Target Objects                /var/lib/squeezeboxserver/cache/InstalledPlugins/Plugins/SrvrPowerCtrl/Plugin.pm [ file ]
Source                        ifconfig
Source Path                   /sbin/ifconfig
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           net-tools-1.60-99.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-63.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.9-174.fc12.i686.PAE #1 SMP Mon Dec 21 06:04:56 UTC 2009 i686 i686
Alert Count                   3
First Seen                    Thu 31 Dec 2009 10:34:27 AM MST
Last Seen                     Thu 31 Dec 2009 10:34:27 AM MST
Local ID                      846e3625-aa84-4c33-aa3e-23c631b49dde
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1262280867.937:27631): avc: denied { read } for pid=2741 comm="ifconfig" path="/var/lib/squeezeboxserver/cache/InstalledPlugins/Plugins/SrvrPowerCtrl/Plugin.pm" dev=sda2 ino=809721 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:object_r:mysqld_db_t:s0 tclass=file

node=(removed) type=AVC msg=audit(1262280867.937:27631): avc: denied { read } for pid=2741 comm="ifconfig" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1262280867.937:27631): avc: denied { read } for pid=2741 comm="ifconfig" path="inotify" dev=inotifyfs ino=1 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1262280867.937:27631): arch=40000003 syscall=11 success=yes exit=0 a0=bfb54ab0 a1=cc6689c a2=bfb55d04 a3=bfb56b71 items=0 ppid=2739 pid=2741 auid=500 uid=488 gid=469 euid=488 suid=488 fsuid=488 egid=469 sgid=469 fsgid=469 tty=(none) ses=1 comm="ifconfig" exe="/sbin/ifconfig" subj=unconfined_u:system_r:ifconfig_t:s0 key=(null)

Hash String generated from selinux-policy-3.6.32-63.fc12,catchall,ifconfig,ifconfig_t,mysqld_db_t,file,read

audit2allow suggests:

audit2allow is not installed.

Um...why in the world would ifconfig want to "read" a perl module?

It doesn't. This is a leaked file descriptor. Looks like a bug in squeezeboxserver.

Why is /var/lib/squeezeboxserver/cache/InstalledPlugins/Plugins/SrvrPowerCtrl/Plugin.pm labeled mysqld_db_t?

ls -lZ /var/lib/squeezeboxserver/cache/InstalledPlugins/Plugins/SrvrPowerCtrl/Plugin.pm

squeezeboxserver needs to close its file descriptors on exec

fcntl(fd, F_SETFD, FD_CLOEXEC)

You can allow these leaks for now by executing

# grep ifconfig /var/log/audit/audit.log | audit2allow -M myifconfig
# semodule -i myifconfig.pp
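
The close-on-exec fix suggested in the reply above, as an added example (not part of the original thread and not squeezeboxserver's code): C helpers that set FD_CLOEXEC without clobbering other descriptor flags, and a sweep that seals every descriptor an exec'd child such as ifconfig would otherwise inherit. The function names and the use of /dev/null as a stand-in for the open plugin file are assumptions.

```c
/* Added example: close-on-exec helpers; names are illustrative assumptions. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd, keeping its other descriptor flags. 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* 1: fd is open and an exec'd child would inherit it; 0: close-on-exec; -1: not open. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Sweep descriptors above stderr and seal every one that would leak.
 * Returns the number sealed. The scan is capped at 65536 descriptors. */
int seal_inherited_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int fd, sealed = 0;
    if (max < 0 || max > 65536)
        max = 65536;
    for (fd = 3; fd < max; fd++)
        if (survives_exec(fd) == 1 && set_cloexec(fd) == 0)
            sealed++;
    return sealed;
}

int main(void)
{
    /* /dev/null stands in for the plugin file the daemon held open (assumption). */
    int fd = open("/dev/null", O_RDONLY);
    if (fd == -1)
        return 1;
    printf("before: fd %d survives exec = %d\n", fd, survives_exec(fd));
    printf("sealed %d descriptor(s)\n", seal_inherited_fds());
    printf("after:  fd %d survives exec = %d\n", fd, survives_exec(fd));
    close(fd);
    return 0;
}
```

A sweep like this is a stopgap for code that already holds open descriptors; setting the flag at the point each file is opened removes the leak at its source.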