Summary:

SELinux is preventing /usr/sbin/NetworkManager "unlink" access on /etc/NetworkManager/NetworkManager.conf.

Detailed Description:

SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:etc_t:s0
Target Objects                /etc/NetworkManager/NetworkManager.conf [ file ]
Source                        NetworkManager
Source Path                   /usr/sbin/NetworkManager
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           NetworkManager-0.8.1-6.git20100831.fc14
Target RPM Packages           NetworkManager-0.8.1-6.git20100831.fc14
Policy RPM                    selinux-policy-3.9.5-7.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.35.4-28.fc14.x86_64 #1 SMP Wed Sep 15 01:56:54 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 07 Oct 2010 03:30:09 PM CDT
Last Seen                     Thu 07 Oct 2010 03:30:09 PM CDT
Local ID                      482350b7-3b53-43e5-b813-fb960015e075
Line Numbers

Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1286483409.456:62480): avc: denied { unlink } for pid=6264 comm="NetworkManager" name="NetworkManager.conf" dev=dm-0 ino=53046 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1286483409.456:62480): arch=c000003e syscall=82 success=no exit=-13 a0=966810 a1=950f90 a2=961ea0 a3=1 items=0 ppid=1 pid=6264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0 key=(null)

NetworkManager doesn't delete its configuration file. However, it makes changes to that. They are done by means of g_file_set_contents() that in turn calls rename(). So, I guess that the rename() could cause that. What do you think?
Yes that is probably what is happening. But why does NetworkManager edit its config?
It does that in two cases, AFAIK:
1) hostname: 'keyfile' system settings plugin stores persistent hostname there
2) no-auto-default: NM adds MAC address of the interface for which it should not create default wired interface (Auto ethX) next time

see 'man NetworkManager.conf' or http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/man/NetworkManager.conf.5.in
Ok, I added labels for these directories in /etc/NetworkManager.
Fixed in selinux-policy-3.9.6-3.fc14
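
Added example, not part of the original bug report and not code from NetworkManager or setroubleshoot: the SYSCALL record in the report carries syscall=82, which on x86_64 (arch=c000003e) is rename(), matching the guess made in the thread. The script pairs AVC and SYSCALL records by audit serial to show which system call triggered a denial; the sample log is the report's event trimmed to the fields used, and the syscall table is a small hand-picked subset.

```python
import re

# Subset of the x86_64 syscall table (arch=c000003e) relevant to file removal/replacement.
X86_64_SYSCALLS = {82: "rename", 87: "unlink", 263: "unlinkat",
                   264: "renameat", 316: "renameat2"}

EVENT_RE = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: audit event 62480 from the report above, trimmed.
SAMPLE = (
    'node=localhost.localdomain type=AVC msg=audit(1286483409.456:62480): '
    'avc: denied { unlink } for pid=6264 comm="NetworkManager" '
    'name="NetworkManager.conf" dev=dm-0 ino=53046 '
    'scontext=system_u:system_r:NetworkManager_t:s0 '
    'tcontext=system_u:object_r:etc_t:s0 tclass=file\n'
    'node=localhost.localdomain type=SYSCALL msg=audit(1286483409.456:62480): '
    'arch=c000003e syscall=82 success=no exit=-13 pid=6264 '
    'comm="NetworkManager" exe="/usr/sbin/NetworkManager"\n'
)

def correlate(log):
    """Join AVC and SYSCALL records that share an audit serial number."""
    events = {}
    for line in log.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, _timestamp, serial = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        ev = events.setdefault(serial, {"serial": serial})
        if rtype == "AVC":
            perms = PERMS_RE.search(line)
            ev["perms"] = perms.group(1).split() if perms else []
            for key in ("scontext", "tcontext", "tclass", "name"):
                ev[key] = fields.get(key)
        elif rtype == "SYSCALL":
            nr = int(fields["syscall"])
            known = fields.get("arch") == "c000003e"  # decode x86_64 only
            ev["syscall"] = X86_64_SYSCALLS.get(nr, str(nr)) if known else str(nr)
            ev["exit"] = int(fields["exit"])  # -13 is -EACCES
    # Keep only events that actually contain a denial.
    return [ev for ev in events.values() if "perms" in ev]

if __name__ == "__main__":
    for ev in correlate(SAMPLE):
        print(f'{ev["syscall"]}() denied {ev["perms"]} on {ev["name"]} '
              f'({ev["scontext"]} -> {ev["tcontext"]}), exit={ev["exit"]}')
```
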