Summary:
SELinux is preventing /usr/sbin/NetworkManager "create" access on NetworkManager.state.28GQ6U.
Detailed Description:
SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:var_lib_t:s0
Target Objects NetworkManager.state.28GQ6U [ file ]
Source NetworkManager
Source Path /usr/sbin/NetworkManager
Port <Unknown>
Host (removed)
Source RPM Packages NetworkManager-0.7.997-2.git20091214.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-69.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name (removed)
Platform Linux Taraknor 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64
Alert Count 1
First Seen Wed 20 Jan 2010 08:35:48 PM EST
Last Seen Wed 20 Jan 2010 08:35:48 PM EST
Local ID 7d3f968e-3465-4463-bc13-505fbb81ca6a
Line Numbers
Raw Audit Messages
node=Taraknor type=AVC msg=audit(1264037748.251:6): avc: denied { create } for pid=1106 comm="NetworkManager" name="NetworkManager.state.28GQ6U" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
node=Taraknor type=SYSCALL msg=audit(1264037748.251:6): arch=c000003e syscall=2 success=no exit=-13 a0=133b020 a1=c2 a2=1b6 a3=4d6b726f7774654e items=0 ppid=1105 pid=1106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
Hash String generated from selinux-policy-3.6.32-69.fc12,catchall,NetworkManager,NetworkManager_t,var_lib_t,file,create
audit2allow suggests:
#============= NetworkManager_t ==============
allow NetworkManager_t var_lib_t:file create;
Fresh fc12 install; rtl8187 wireless was working fine for 2 days. Began adding software (added vlc media player, doubt that is the problem), rebooted, and now wireless will no longer locate cloud networks.
restorecon -R -v /var/lib Will fix. But I would like to know what removed the /var/lib/NetworkManager directory.
Fresh F12 install; the message didn't appear on the first 2 boots. I then updated using yum, and then this error message started appearing on boot as soon as NetworkManager is started, and sealert then appears when you get to the desktop. If I can help with debugging, let me know. phil
I guess I want to see it happen again, i.e. the directory gets mislabeled again. The version of policy you installed runs restorecon -R -v /var/lib in its post. So it should have cleaned up any mislabeled dir. If NetworkManager installed afterward with a new use of /var/lib/NetworkManager, it should have gotten labeled correctly when the dir got created.
If it's any help, these were installed in the update:
Jan 21 13:05:30 Updated: 1:NetworkManager-0.7.997-2.git20091214.fc12.x86_64
Jan 21 13:05:53 Updated: 1:NetworkManager-gnome-0.7.997-2.git20091214.fc12.x86_64
Jan 21 12:53:38 Updated: 1:NetworkManager-glib-0.7.997-2.git20091214.fc12.x86_64
phil
Created attachment 386045 [details] yum update log from fresh install to todays updates @ ~ 1pm UK time yum log to see order packages were installed
Thanks but I don't see how this can happen, unless there is a rogue script that is rm -rf /var/lib/NetworkManager mkdir /var/lib/NetworkManager
This is from a newly installed system, literally up for about 5 minutes, shortly after the first time I log into GNOME. Is there other info from the machine that I could send that would help? Joshua
I guess if it happens again, we will know there is a process that is removing and recreating the directory. I ran two tests.
# chcon -t var_lib_t /var/lib/NetworkManager
# yum -y reinstall selinux-policy-targeted
# ls -lZd /var/lib/NetworkManager/
drwxr-xr-x. root root system_u:object_r:NetworkManager_var_lib_t:s0 /var/lib/NetworkManager/
# rm -rf /var/lib/NetworkManager
# yum -y reinstall NetworkManager
# ls -lZd /var/lib/NetworkManager/
drwxr-xr-x. root root system_u:object_r:NetworkManager_var_lib_t:s0 /var/lib/NetworkManager/
I am at a loss.
*** Bug 557778 has been marked as a duplicate of this bug. ***
I have just powered on my computer, and SELinux was configured in "strict" mode. I got plenty of messages from SELinux before changing the mode to permissive to keep it quiet.
Belenos06, Could you make sure your machine is labeled correctly touch /.autorelabel; reboot
*** Bug 558609 has been marked as a duplicate of this bug. ***
Also on a fresh F12 install here. yum.log says:
# grep NetworkManager-0 /var/log/yum.log |grep Updated
Jan 24 15:50:26 Updated: 1:NetworkManager-0.7.997-2.git20091214.fc12.x86_64
# grep selinux /var/log/yum.log |grep Updated
Jan 24 15:13:29 Updated: selinux-policy-3.6.32-69.fc12.noarch
Jan 24 15:28:37 Updated: selinux-policy-targeted-3.6.32-69.fc12.noarch
Problem is triggered for me on a resume.
I have this problem both in Fedora 32 bits and 64 bits.
Model: Toshiba Satellite T110
Videocard: Mobile Intel® GMA 4500
Network: Atheros AR8132 PCI-E Fast Ethernet Controller (NDIS 6.20)
Wifi: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC (Hardware ID: pci\ven_10ec&dev_8172)0
Bluetooth: (Not Working) Bluetooth ACPI -> Toshiba
Webcam: Chicony
Brightness controls not working
Display: 1366x768
If you run restorecon -R -v /var/lib Does the problem come back?
No, that works around it okay, but it doesn't fix the bug :(
Let me restate the bug as I understand it. For some reason on an initial install of F12 and running updates, /var/lib/NetworkManager ends up labeled var_lib_t instead of NetworkManager_var_lib_t. Running restorecon fixes the problem. The question I have and have had is, Has anyone seen the problem come back after the labeling was fixed?
Also have this bug. I used # restorecon -R -v /var/lib but had later on at restart of ndiswrapper wlan and complete network (wired) failed to start. After several renames and reboots got it working again. But I still have this bug with network manager. As I'm pretty new what exactly is restorecon doing?
Well, I installed F12 on a new lappy and the bug appeared as expected, but running restorecon has fixed it, also as expected. I've yet to see it reappear on the first machine I reported on or on this machine; I think it's a one-time-only problem, Daniel.
(In reply to comment #20)
> As I'm pretty new what exactly is restorecon doing?
http://linux.die.net/man/8/restorecon
I am experiencing the same issue here. It started after an update yesterday 29th January. This has only appeared after a shutdown and startup. I have a total of 5 messages in the SeLinux reporter and they all seem to be related.
Selinux detected the same "suspicious behaviour" 10 times between Jan. 26 (the day that my Fedora 12 installation was completed with TeXmaker, Thunderbird, Tellico and GRAMPS) and Jan 20. Today I have found the 10 alerts when turning the computer on. I'll try the suggestion by Daniel Walsh as soon as the misbehaviour reappears, and will let you know.
In comment 24 I meant Jan. 29, not Jan. 20. Anyhow, I made three boots today, and nothing happened. So I did not run restorecon, only checked the NetworkManager labeling:
[fcc@euclide ~]$ ls -Z /var/lib/NetworkManager
-rw-r--r--. root root system_u:object_r:NetworkManager_var_lib_t:s0 NetworkManager.state
Whenever anything was wrong (but I do not know whether this was the case) the system healed itself spontaneously. Strange behaviour indeed.
*** Bug 560283 has been marked as a duplicate of this bug. ***
Same SELinux policy problem. On Fedora 12 x64 with latest updates.
Fedora 12 x64 latest updates.
# ls -Z /var/lib/NetworkManager
-rw-r--r--. root root system_u:object_r:NetworkManager_var_lib_t:s0 NetworkManager.state
# restorecon -R -v /var/lib
didn't help.
filadel, what avc are you seeing then?
I am seeing this on an F12 32-bit machine. restorecon -R -v /var/lib doesn't work for me either. Every login I see a pop-up: SELinux is preventing /usr/sbin/NetworkManager "create" access on NetworkManager.state.xxxxxx. In the troubleshooting browser there is nothing, because I made the mistake of checking the "stop bothering me" box and now just get "No alerts to view". From the docs I read, I should be able to un-check that box and receive the errors again; however, that doesn't appear to be the case. I am not sure if that is another bug or working as intended.
Could you login as root and get the output of ausearch -m avc -ts recent You can also remove the ~/.setroubleshoot from your home dir to remove the dontbother me stuff.
Running the command as root returns <no matches>. I removed the .setroubleshoot and rebooted and got this:
Summary:
SELinux is preventing /usr/sbin/NetworkManager "create" access on NetworkManager.state.HF876U.
Detailed Description:
SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report.
Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:object_r:var_lib_t:s0
Target Objects NetworkManager.state.HF876U [ file ]
Source NetworkManager
Source Path /usr/sbin/NetworkManager
Port <Unknown>
Host black10
Source RPM Packages NetworkManager-0.7.997-2.git20091214.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-69.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name black10
Platform Linux black10 2.6.31.12-174.2.3.fc12.i686.PAE #1 SMP Mon Jan 18 20:06:44 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 05 Feb 2010 10:04:50 PM EST
Last Seen Fri 05 Feb 2010 10:04:50 PM EST
Local ID 13eaf0ee-401c-4540-91d8-d5fed1c9b624
Line Numbers
Raw Audit Messages
node=black10 type=AVC msg=audit(1265425490.902:6): avc: denied { create } for pid=1176 comm="NetworkManager" name="NetworkManager.state.HF876U" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
node=black10 type=SYSCALL msg=audit(1265425490.902:6): arch=40000003 syscall=5 success=no exit=-13 a0=a0a3438 a1=80c2 a2=1b6 a3=20 items=0 ppid=1175 pid=1176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)
What does # restorecon -R -v /var/lib output What does ls -lZd /var/lib/NetworkManager output? This avc says it was last seen on 2/5 Did you run restorecon before this? or after this?
*** Bug 563084 has been marked as a duplicate of this bug. ***
Fixed in setroubleshoot-2.2.63-1.fc12 yum update setroubleshoot\* --enablerepo=updates-testing
NetworkManager-1:0.7.997-2.git20091214 contains a new /var/lib/NetworkManager but does not set the SELinux context to NetworkManager_var_lib_t (it ends up as var_lib_t instead) This can be fixed with restorecon See: http://koji.fedoraproject.org/koji/rpminfo?fileStart=150&rpmID=1726300&fileOrder=name&buildrootOrder=-id&buildrootStart=0#filelist The second to last file is the new /var/lib/NetworkManager
restorecon does not fix the problem (not for me anyway). What does # restorecon -R -v /var/lib output nothing except the command prompt after about 3 seconds. updated to setroubleshoot-2.2.63-1.fc12 and the error is gone. I didn't mess with networkmanager.
Installing selinux-policy-targeted-3.6.32-78 resolves the problem with the SELinux context of /var/lib/NetworkManager and should resolve this bug. Anyone still seeing this problem after installing the latest selinux-policy should look carefully to be sure they are not seeing OLD avc messages. Also, this bug is a dup of Bug 560317 (actually, it is a dup of this bug, but it already has a solution applied)
Yes, Jeff, but how do we get the sealert pop-up box from showing up on every bootup alerting us to the OLD messages? Deleting the messages did not stop the warning on my system. It only means that when you click "Show", you get an empty list.
Phil V: setroubleshoot-2.2.63-1.fc12 fixes that issue. yum update setroubleshoot\* --enablerepo=updates-testing or wait for it to be pushed to stable. If you do install the test update, add a comment on bodhi to let us know if it resolved the issue for you. This can speed up the push to stable. https://admin.fedoraproject.org/updates/F12/FEDORA-2010-1591?_csrf_token=8f74964da5b17d39751f0cce78ffd6e4d591246d Setting status to ON_QA as we wait for the latest setroubleshoot package to hit stable.
setroubleshoot-2.2.63-2.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update setroubleshoot'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-1591
I followed Comment 40 but at least on immediate reboot the problem persists. Maybe deleting the alerts with the buggy gui put the system in a strange state? (The first time I attempted to delete them I backtracked through the list and found every other alert had the delete checkbox cleared... suggesting something peculiar going on.) Is there a file I could just rename or move that would clear this? My Installed Packages:
Name : setroubleshoot Arch : x86_64 Version : 2.2.63 Release : 1.fc12 Size : 235 k Repo : installed
Name : setroubleshoot-plugins Arch : noarch Version : 2.1.40 Release : 1.fc12 Size : 3.9 M Repo : installed
Name : setroubleshoot-server Arch : x86_64 Version : 2.2.63 Release : 1.fc12 Size : 1.1 M Repo : installed
rm -f ~/.setroubleshootrc
Hurrah! Problem is completely solved on my systems. Thank you for the help! rm -f ~/.setroubleshootrc removed the senseless warnings recorded in Comment 39. (For the record, that file was something like an empty line followed by an option=value pair with empty value.)
setroubleshoot-2.2.63-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
I had no problems with NetworkManager, but after installing the RPMs today, I received 46 duplicate errors of this bug. I have a fresh F12 install and use a wireless connection. Greg Ennis
Here is what I installed this afternoon:
Mar 07 15:44:12 Installed: live555-0-0.24.2009.07.28.fc12.i686
Mar 07 15:44:15 Installed: libdca-0.0.5-5.fc12.i686
Mar 07 15:44:17 Installed: fribidi-0.19.2-2.fc12.i686
Mar 07 15:44:18 Installed: enca-1.10-1.fc12.i686
Mar 07 15:44:20 Installed: libdvdnav-4.1.4-0.1.svn1184.fc12.i686
Mar 07 15:44:22 Installed: libcaca-0.99-0.9.beta16.fc12.i686
Mar 07 15:44:26 Installed: mplayer-1.0-0.111.20091029svn.fc12.i686
Mar 07 15:44:28 Installed: mencoder-1.0-0.111.20091029svn.fc12.i686
Mar 07 15:44:32 Installed: gnome-mplayer-common-0.9.8-1.fc12.i686
Mar 07 15:44:41 Installed: gnome-mplayer-0.9.8-1.fc12.i686
Mar 07 15:44:45 Installed: gecko-mediaplayer-0.9.8-2.fc12.i686
Greg how is /var/lib/NetworkManager labeled? ls -ldZ /var/lib/NetworkManager
I did the restorecon command and it went to the next prompt. I then used the command to find out how it was labeled and this is what I discovered. I am assuming this is the right forum. I am very new to Linux.
[root@fedora Reykvid]# restorecon -R -v var/lib
[root@fedora Reykvid]# ls -ldZ /var/lib/NetworkManager
drwxr-xr-x. root root system_u:object_r:var_lib_t:s0 /var/lib/NetworkManager
Nope, that is wrong. Are you sure you have the correct policy installed?
yum reinstall selinux-policy-targeted
rpm -q selinux-policy-targeted
I did the yum reinstall selinux-policy-targeted. This is the result I got.
Installed: selinux-policy-targeted.noarch 0:3.6.32-103.fc12
Complete!
[root@fedora Reykvid]# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.6.32-103.fc12.noarch
Is this correct?
matchpathcon /var/lib/NetworkManager
restorecon -R -v /var/lib/NetworkManager
I did the matchpathcon and restorecon steps. These are the results on my screen.
[root@fedora Reykvid]# matchpathcon /var/lib/NetworkManager
/var/lib/NetworkManager system_u:object_r:NetworkManager_var_lib_t:s0
[root@fedora Reykvid]# restorecon -R -v /var/lib/NetworkManager
[root@fedora Reykvid]#
I will await further instructions.
That is correct label. You should not see the AVC anymore.
Thank you so much for your help. I really appreciate you walking me through this process.
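The triage this thread converges on, written out as an added example that is not part of the original bug report or of any Fedora tool: before acting on the audit2allow suggestion, compare the directory's actual label with the one the policy expects, and treat a denial that no longer matches either as an old alert. The function names, the three verdict strings and the sample line (constructed from the AVC record quoted at the top of the report) are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether an AVC denial points at a mislabeled
# directory, a stale alert, or a real policy question.
# Function names and verdict strings are this example's own.

# Constructed sample, modeled on the AVC record quoted in this report.
SAMPLE_AVC='type=AVC msg=audit(1264037748.251:6): avc: denied { create } for pid=1106 comm="NetworkManager" name="NetworkManager.state.28GQ6U" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file'

# avc_field LINE KEY: print the value of KEY=... with quotes stripped.
avc_field() {
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p"
}

# avc_perm LINE: print the denied permission(s) between the braces.
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*{ \([^}]*\) }.*/\1/p'
}

# ctx_type CONTEXT: print the type field of user:role:type:level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# triage LINE ACTUAL_CTX EXPECTED_CTX
#   ACTUAL_CTX   label now on the parent directory (ls -dZ / stat -c %C)
#   EXPECTED_CTX label the loaded policy assigns (matchpathcon -n)
triage() {
    denied=$(ctx_type "$(avc_field "$1" tcontext)")
    actual=$(ctx_type "$2")
    expected=$(ctx_type "$3")
    if [ "$actual" != "$expected" ]; then
        echo relabel   # directory is mislabeled: restorecon, not an allow rule
    elif [ "$denied" != "$expected" ]; then
        echo stale     # label is already right: the denial predates the fix
    else
        echo policy    # label is right and access is still denied
    fi
}

# triage_live LINE DIR: same check against the running system (needs SELinux).
triage_live() {
    triage "$1" "$(stat -c %C "$2")" "$(matchpathcon -n "$2")"
}
```

On an SELinux host, `triage_live "$line" /var/lib/NetworkManager` takes a line from `ausearch -m avc -ts recent` and runs the same comparison against the live labels.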