SELinux is preventing /sbin/ip from using the 'sys_module' capabilities. ***** Plugin sys_module (99.5 confidence) suggests ************************* If you do not believe that /sbin/ip should be attempting to modify the kernel by loading a kernel module. Then a process might be attempting to hack into your system. Do contact your security administrator and report this issue. ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that ip should have the sys_module capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep ip /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:ifconfig_t:s0 Target Context system_u:system_r:ifconfig_t:s0 Target Objects Unknown [ capability ] Source ip Source Path /sbin/ip Port <Unknown> Host (removed) Source RPM Packages iproute-2.6.38.1-3.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-21.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.5-22.fc15.x86_64 #1 SMP Mon May 2 19:28:55 UTC 2011 x86_64 x86_64 Alert Count 2 First Seen Thu 05 May 2011 11:58:57 AM CEST Last Seen Thu 05 May 2011 11:58:57 AM CEST Local ID f03cec81-f582-4a12-bb9a-f5a02bdbe4e3 Raw Audit Messages type=AVC msg=audit(1304589537.935:50): avc: denied { sys_module } for pid=1426 comm="ip" capability=16 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability type=SYSCALL msg=audit(1304589537.935:50): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=4 a1=8933 a2=7fff79279c70 a3=f items=0 ppid=1423 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ip exe=/sbin/ip subj=system_u:system_r:ifconfig_t:s0 key=(null) Hash: ip,ifconfig_t,ifconfig_t,capability,sys_module audit2allow #============= ifconfig_t ============== allow ifconfig_t self:capability sys_module; audit2allow -R #============= ifconfig_t ============== allow ifconfig_t self:capability sys_module;
This was just after a reboot following an update. I don't know whether this is a policy problem or a problem in /sbin/ip, but I strongly suspect the former (/sbin/ip might want to load crypto-related modules?). % sudo yum list installed "selinux*" Loaded plugins: langpacks, presto, refresh-packagekit Installed Packages selinux-policy.noarch 3.9.16-21.fc15 @updates-testing selinux-policy-targeted.noarch 3.9.16-21.fc15 @updates-testing
I get this bug when resuming from suspend. Gene
Fxed in selinux-policy-3.9.16-23.fc15
I also get this bug when resuming from suspend.
(In reply to comment #4) > I also get this bug when resuming from suspend. After reading the comment from Miroslav Grepl and then looking at my installed version, it seems that I am still on 3.9.16-21.fc15. I suppose the next time yum updates, this will be fixed. I ran an update check this morning but there were no new packages.
(In reply to comment #5) > it seems that I am still on 3.9.16-21.fc15. I suppose the next time > yum updates, this will be fixed. I ran an update check this morning but there > were no new packages. I did exactly the same. However, funnily enough, google searching for that package brings up results related to Chrome. Is that package in updates-testing or only in koji?
It seems to be mirror-related, as the Italian mirror seems to be stuck at 3 days ago.
(In reply to comment #5) > (In reply to comment #4) > > I also get this bug when resuming from suspend. > > After reading the comment from Miroslav Grepl and then looking at my installed > version, it seems that I am still on 3.9.16-21.fc15. I suppose the next time > yum updates, this will be fixed. I ran an update check this morning but there > were no new packages. selinux-policy-3.9.16-23.fc15 hasn't been pushed to the repos. If you want to test the new version, it is here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-23.fc15
bodhi - 2011-05-07 15:08:02 This update has been pushed to testing https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-23.fc15
On my sistem after remove puseaudio this bug not appear.
selinux-policy-3.9.16-24.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-24.fc15
Package selinux-policy-3.9.16-24.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-24.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-24.fc15 then log in and leave karma (feedback).
Yes i'm almost repositories enabled.
selinux-policy-3.9.16-24.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
what about f14 ?
Fixed in selinux-policy-3.9.7-44.fc14