Description of problem:
missing policy, allow ifconfig_t self:capability sys_module;

Version-Release number of selected component (if applicable):
selinux-policy-3.7.19-93.el6.noarch
tuned-0.2.19-6.el6.noarch

How reproducible:
deterministic

Steps to Reproduce:
0. service network restart
1. /etc/init.d/tuned restart
Stopping tuned: [ OK ]
Starting tuned: [ OK ]

Actual results:
# type=AVC msg=audit(1312277552.840:119160): avc: denied { sys_module } for pid=24065 comm="ethtool" capability=16 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:ifconfig_t:s0 tclass=capability

Expected results:
no avc denial

Additional info:
It was found during: https://bugzilla.redhat.com/show_bug.cgi?id=707079#c14

$ echo 'type=AVC msg=audit(1312277373.363:119153): avc: denied { sys_module } for pid=23100 comm="ethtool" capability=16 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:ifconfig_t:s0 tclass=capability' | audit2allow

#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;

$ echo 'type=AVC msg=audit(1312277373.363:119153): avc: denied { sys_module } for pid=23100 comm="ethtool" capability=16 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:ifconfig_t:s0 tclass=capability' | audit2why
type=AVC msg=audit(1312277373.363:119153): avc: denied { sys_module } for pid=23100 comm="ethtool" capability=16 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:ifconfig_t:s0 tclass=capability

	Was caused by:
		Missing type enforcement (TE) allow rule.

		You can use audit2allow to generate a loadable module to allow this access.
*** This bug has been marked as a duplicate of bug 726339 ***
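
An added example, not part of the original report and not audit2allow's own code: a small parser that turns the AVC record quoted above into the same allow rule and flags capability denials that warrant manual review before a rule is loaded. The function names and the `REVIEW_CAPS` list are assumptions of this example.

```python
import re

# Constructed sample: the AVC record from the report's "Actual results".
SAMPLE = (
    'type=AVC msg=audit(1312277552.840:119160): avc: denied { sys_module } '
    'for pid=24065 comm="ethtool" capability=16 '
    'scontext=unconfined_u:system_r:ifconfig_t:s0 '
    'tcontext=unconfined_u:system_r:ifconfig_t:s0 tclass=capability'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption of this example: capabilities broad enough that an allow rule
# should be reviewed by hand (sys_module permits loading kernel modules).
REVIEW_CAPS = {"sys_module", "sys_admin", "sys_rawio", "sys_ptrace", "dac_override"}

def parse_avc(line):
    """Return a dict for an AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "pid": int(fields["pid"]) if "pid" in fields else None,
        "stype": fields["scontext"].split(":")[2],  # user:role:type:level
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def allow_rule(rec):
    """Build the TE allow rule; source == target type is written as 'self'."""
    target = "self" if rec["stype"] == rec["ttype"] else rec["ttype"]
    perms = rec["perms"]
    body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {rec['stype']} {target}:{rec['tclass']} {body};"

def needs_review(rec):
    """True when the denial concerns a capability listed in REVIEW_CAPS."""
    return rec["tclass"].startswith("capability") and bool(REVIEW_CAPS & set(rec["perms"]))

if __name__ == "__main__":
    rec = parse_avc(SAMPLE)
    print(allow_rule(rec))
    print("review before allowing:", needs_review(rec))
```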