Hide Forgot
# Description of problem: # # after a fresh install of fc15 UMTS works fine. ( ISO download whit UMTS # yesterday from fredoraprojekt.org) # # i do a "yum update" (605 updates) and a reboot. if i will (re) connect whit #network-manager to UMTS = fail # #i get a selinux msg. i click on the msg. and sealert comes not up only a new #error msg: -> Opps, sealert hit an error! Traceback (most recent call last): File "/usr/bin/sealert", line 692, in <module> run_as_dbus_service(username) File "/usr/bin/sealert", line 112, in run_as_dbus_service app = SEAlert(user, dbus_service.presentation_manager, watch_setroubleshootd=True) File "/usr/bin/sealert", line 326, in __init__ from setroubleshoot.browser import BrowserApplet File "/usr/lib/python2.7/site-packages/setroubleshoot/browser.py", line 41, in <module> import report.io.GTKIO ImportError: No module named GTKIO <- #the problem is: SELinux is preventing /usr/sbin/pppd (deleted) from read access on the lnk_file lock. #selinux tell my in a shell: ***** Plugin catchall (100. confidence) suggests *************************** If you believe that pppd (deleted) should be allowed read access on the lock lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: ## grep pppd /var/log/audit/audit.log | audit2allow -M mypol ## semodule -i mypol.pp #if i do the grep - nothing happens #thx 4 help
The sealert bug is covered with https://bugzilla.redhat.com/show_bug.cgi?id=715373 Could you attach the Actually avc's you are seeing. ausearch -m avc -ts recent
-> ausearch -m avc -ts recent i typing in a rootshell = <no matches> if i typing in a usershell = [user@badpc ~]$ ausearch -m avc -ts recent Error opening config file (Keine Berechtigung) NOTE - using built-in logs: /var/log/audit/audit.log Error opening /var/log/audit/audit.log (Keine Berechtigung) i returns to the rootshell [root@badpc username]# tail /var/log/audit/audit.log type=USER_AUTH msg=audit(1310132164.870:53): user pid=1689 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' type=USER_ACCT msg=audit(1310132164.873:54): user pid=1689 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' type=CRED_ACQ msg=audit(1310132164.873:55): user pid=1689 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' type=USER_START msg=audit(1310132165.143:56): user pid=1689 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/bin/su" hostname=? addr=? terminal=pts/0 res=success' type=USER_START msg=audit(1310132184.986:57): user pid=1706 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1310132307.896:58): user pid=1710 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1310132357.868:59): user pid=1715 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1310132412.784:60): user pid=1718 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1310132454.012:61): user pid=1735 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' type=USER_START msg=audit(1310132455.095:62): user pid=1738 uid=0 auid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/bin/pkexec" hostname=? addr=? terminal=? res=success' [root@badpc username]#
Can confirm this. "mobile broadband" with network manager worked before (f15 x86_64), but now after some update to selinux policy its broken first I get: SELinux is preventing /usr/sbin/pppd from read access on the lnk_file /var/lock. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that pppd should be allowed read access on the lock lnk_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep pppd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp then: SELinux is preventing /usr/sbin/pppd from search access on the directory lock. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that pppd should be allowed search access on the lock directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep pppd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp after installing those policies mobile broadband (pppd) starts working again
got the new selinux policies from updates and this problem is now fixed
OK works fine! big *Thanks*