Zusammenfassung: SELinux is preventing /sbin/ip "read" access on /var/run/pm-utils/network/dhclient.suspend. Detaillierte Beschreibung: [ip hat einen zugelassenen Typ (ifconfig_t). Dieser Zugriff wurde nicht verweigert.] SELinux denied access requested by ip. It is not expected that this access is required by ip and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext system_u:system_r:ifconfig_t:s0-s0:c0.c1023 Zielkontext system_u:object_r:hald_var_run_t:s0 Zielobjekte /var/run/pm-utils/network/dhclient.suspend [ file ] Quelle ip Quellpfad /sbin/ip Port <Unbekannt> Host (removed) RPM-Pakete der Quelle iproute-2.6.29-4.fc12 RPM-Pakete des Ziels Richtlinien-RPM selinux-policy-3.6.32-108.fc12 SELinux aktiviert True Richtlinientyp targeted Enforcing-Modus Enforcing Plugin-Name catchall Rechnername (removed) Plattform Linux (removed) 2.6.32.11-99.fc12.x86_64 #1 SMP Mon Apr 5 19:59:38 UTC 2010 x86_64 x86_64 Anzahl der Alarme 12 Zuerst gesehen Fr 09 Apr 2010 14:18:31 CEST Zuletzt gesehen Di 20 Apr 2010 08:44:15 CEST Lokale ID 0b14b7a8-3568-4ac6-8b16-698a228d5273 Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1271745855.600:32332): avc: denied { read } for pid=4960 comm="ip" path="/var/run/pm-utils/network/dhclient.suspend" dev=sda7 ino=532661 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hald_var_run_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1271745855.600:32332): arch=c000003e syscall=59 success=yes exit=0 a0=f27de0 a1=ed8000 a2=ee42a0 a3=38 items=0 ppid=4937 pid=4960 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ip" exe="/sbin/ip" subj=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,ip,ifconfig_t,hald_var_run_t,file,read audit2allow suggests: #============= ifconfig_t ============== allow ifconfig_t hald_var_run_t:file read;
Steps to reproduce: - close the notebook lid and wait until it sleeps - open notebook again - after wakeup this audit is logged
######################################## ## <summary> ## dontaudit read hald PID files. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`hal_dontaudit_read_pid_files',` gen_require(` type hald_var_run_t; ') files_search_pids($1) allow $1 hald_var_run_t:file read_file_perms; ') hal_dontaudit_read_pid_files(ifconfig_t)
Fixed in selinux-policy-3.6.32-113.fc12
selinux-policy-3.6.32-113.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-113.fc12
selinux-policy-3.6.32-113.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-113.fc12
selinux-policy-3.6.32-113.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.