Bug 678845 - SELinux is preventing /sbin/ifconfig from read, write access on the netlink_route_socket netlink_route_socket.
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: i386
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:ffeb9ce4a18...
Depends On:
Blocks:
 
Reported: 2011-02-20 10:21 UTC by Richard Haakma
Modified: 2011-03-11 15:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-11 15:28:47 UTC
Type: ---



Description Richard Haakma 2011-02-20 10:21:06 UTC
SELinux is preventing /sbin/ifconfig from read, write access on the netlink_route_socket netlink_route_socket.

*****  Plugin catchall (50.5 confidence) suggests  ***************************

If you believe that ifconfig should be allowed read write access on the netlink_route_socket netlink_route_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

*****  Plugin leaks (50.5 confidence) suggests  ******************************

If you want to ignore ifconfig trying to read write access the netlink_route_socket netlink_route_socket, because you believe it should not need this access.
Then you should report this as a bug.  
You can generate a local policy module to dontaudit this access.
Do
# grep /sbin/ifconfig /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:ifconfig_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                netlink_route_socket [ netlink_route_socket ]
Source                        ifconfig
Source Path                   /sbin/ifconfig
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           net-tools-1.60-105.fc14.1
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-29.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.11-83.fc14.i686.PAE #1 SMP Mon Feb 7 06:57:55 UTC 2011 i686 i686
Alert Count                   1
First Seen                    Sun 20 Feb 2011 11:16:14 PM NZDT
Last Seen                     Sun 20 Feb 2011 11:16:14 PM NZDT
Local ID                      7734ce9d-09b8-478d-a448-a56318a35d80

Raw Audit Messages
type=AVC msg=audit(1298196974.740:28517): avc:  denied  { read write } for  pid=2594 comm="ifconfig" path="socket:[32447]" dev=sockfs ino=32447 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=netlink_route_socket


type=SYSCALL msg=audit(1298196974.740:28517): arch=i386 syscall=execve success=yes exit=0 a0=9ae84a0 a1=9ae7560 a2=9ae53b8 a3=9ae7560 items=0 ppid=2593 pid=2594 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=ifconfig exe=/sbin/ifconfig subj=unconfined_u:system_r:ifconfig_t:s0 key=(null)

Hash: ifconfig,ifconfig_t,unconfined_t,netlink_route_socket,read,write

audit2allow

#============= ifconfig_t ==============
allow ifconfig_t unconfined_t:netlink_route_socket { read write };

audit2allow -R

#============= ifconfig_t ==============
allow ifconfig_t unconfined_t:netlink_route_socket { read write };

Comment 1 Richard Haakma 2011-02-20 10:27:53 UTC
I should add to the report above that it occurred when activating a ppp connection over my modem, as I was testing that dialup still works.  The ppp connection is up and working despite selinux denying ifconfig.

Comment 2 Miroslav Grepl 2011-02-21 08:40:10 UTC
This is a leak. 

Which tool were you using?


Also you can dontaudit it using 

# grep /sbin/ifconfig /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp
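The denial above can be triaged mechanically. As an added example (not part of the report, and not setroubleshoot or audit2allow code), the Python below parses the raw AVC line, flags a cross-domain inherited descriptor as the kind of leak described in this comment, and emits the allow or dontaudit rule in audit2allow's format; the helper names are assumptions.

```python
import re

# Constructed copy of the AVC line from this report, used as sample input.
AVC_LINE = (
    'type=AVC msg=audit(1298196974.740:28517): avc:  denied  { read write } for  '
    'pid=2594 comm="ifconfig" path="socket:[32447]" dev=sockfs ino=32447 '
    'scontext=unconfined_u:system_r:ifconfig_t:s0 '
    'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tclass=netlink_route_socket'
)

_PERMS = re.compile(r'avc:\s+denied\s+\{ ([^}]*) \}')
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denied permissions plus the key=value fields of one AVC record."""
    m = _PERMS.search(line)
    if not m:
        raise ValueError('not an AVC denial record')
    fields = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    fields['perms'] = m.group(1).split()
    return fields


def domain(context):
    """Type component (third colon-separated field) of an SELinux context."""
    return context.split(':')[2]


def is_fd_leak(avc):
    """Heuristic for a leaked descriptor: the object is an anonymous socket or
    pipe (no filesystem path) labelled with a different domain than the
    process touching it, i.e. it was inherited across exec rather than opened
    by the confined program itself."""
    anonymous = avc.get('path', '').startswith(('socket:[', 'pipe:['))
    return anonymous and domain(avc['scontext']) != domain(avc['tcontext'])


def policy_rule(avc, dontaudit=False):
    """Build the rule audit2allow would print (dontaudit silences it instead).
    For a leak the real fix is close-on-exec in the parent; dontaudit only
    hides the noise, and allow would widen the confined domain needlessly."""
    kind = 'dontaudit' if dontaudit else 'allow'
    return '%s %s %s:%s { %s };' % (kind, domain(avc['scontext']),
                                    domain(avc['tcontext']), avc['tclass'],
                                    ' '.join(avc['perms']))


if __name__ == '__main__':
    avc = parse_avc(AVC_LINE)
    print('leak' if is_fd_leak(avc) else 'genuine access', policy_rule(avc, dontaudit=is_fd_leak(avc)))
```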

Comment 3 Richard Haakma 2011-02-21 21:34:32 UTC
My desktop is probably a little unusual, it's been upgraded through most versions between Core 10 or so to 14, so has some setup which isn't properly integrated with NetworkManager.  The ppp dialup was not available in NetworkManager applet so I had to uncheck Controlled by NetworkManager in system-config-network 1.6.2 and start it from there.

Contents of /etc/sysconfig/network-scripts/ifcfg-planet:

DEVICE=ppp0
BOOTPROTO=dialup
TYPE=Modem
NM_CONTROLLED=no
ONBOOT=no
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
AC=off
BSDCOMP=off
VJCCOMP=off
CCP=off
PC=off
VJ=off
LINESPEED=115200
MODEMPORT=/dev/ttyS0
IDLETIMEOUT=600
PROVIDER=planet
DEFROUTE=yes
PERSIST=no
PAPNAME=richard
WVDIALSECT=planet
MODEMNAME=Modem0
DEMAND=no
PPPOPTIONS=

Comment 4 Daniel Walsh 2011-02-21 23:19:21 UTC
I would bet system-config-network.

Comment 5 Daniel Walsh 2011-03-11 15:28:47 UTC
If it happens again please reopen.

