Wicd does not seam to integrate well into Fedora after install. First of all using "service wicd start" generates an error. Executing "/usr/sbin/wicd" however works fine. Reading the error from "service wicd start" is not possible either, because SELinux blocks almost every action from Wicd because no rules is set for python executing Wicd commands, which is the second integration problem. SELinux block when python wants to write/read to wicd.log. It blocks python when it wants to check the wicd.pid and so on. For now, I have just added the missing SELinux rules manually and added "/usr/sbin/wicd" to /etc/rc.local after doing a "chkconfig wicd off" to disable the wicd service. The wicd version used is "1.7.0-9.fc15.i686" from the Updates repo.
Do you have any specific error messages or Python tracebacks you can provide? Also, with F-15, you have to use the systemd commands for services: systemctl stop wicd.service systemctl start wicd.service systemctl try-restart wicd.service If you have any SELinux errors, those would be useful as well.
service [service] start works to. It redirects to systemctl. Here is what happends when I try to start the service. - [root@laptop /]# systemctl start wicd.service - Job failed. See system logs and 'systemctl status' for details. Then i get an alert from SELinux because python tries to open wicd.log for writing. (See Attachment #1 [details]) I then open the console and type. - [root@laptop /]# grep wicd /var/log/audit/audit.log | audit2allow -M mypol - [root@laptop /]# semodule -i mypol.pp - [root@laptop /]# systemctl start wicd.service Now I get a new alert from SELinux (See Attachment #2 [details]). Also now python had permission to write to wicd.log (See Attachment #3 [details]). Now I'm stuck. I know I have to execute "semanage fcontext -a -t FILE_TYPE '/etc/dhcp/manager-settings.conf'" But which FILE_TYPE I'm not sure.
Created attachment 521075 [details] Attachment #1 [details]
Created attachment 521076 [details] Attachment #2 [details]
Created attachment 521077 [details] Attachment #3 [details]
Ignorer the links above. I did not know that this bugzilla system automated attachment links like that. I just used it as reference to the attachments at the top of the page. But lets add them here as well so that I am sure that the correct once are read. Attachment #521075 [details] (1) Attachment #521076 [details] (2) Attachment #521077 [details] (3)
One other question... is the NetworkManager service enabled? And is NetworkManager running? I guess that's two questions.
NetworkManager has been removed. Don't like having things installed that I don't use.
Created attachment 521089 [details] Attachment #4 [details]
Created attachment 521090 [details] Attachment #5 [details]
Created attachment 521093 [details] Attachment #6 [details]
Ok. Now I tried to run - [root@laptop /]# semanage fcontext -a -t net_conf_t '/etc/dhcp/manager-settings.conf' - [root@laptop /]# restorecon -v '/etc/dhcp/manager-settings.conf' as described in (Attachment #521076 [details]). This fixed that issue, but now I got the same alert for the file /etc/dhcp/wireless-settings.conf. I then executed - [root@laptop /]# semanage fcontext -a -t net_conf_t '/etc/dhcp/wireless-settings.conf' - [root@laptop /]# restorecon -v '/etc/dhcp/wireless-settings.conf' Now I got the same alert once more, this time for /etc/dhcp/wired-settings.conf. So I executed - [root@laptop /]# semanage fcontext -a -t net_conf_t '/etc/dhcp/wired-settings.conf' - [root@laptop /]# restorecon -v '/etc/dhcp/wired-settings.conf' Now things changed. SELinux now blocks ifconfig, and it blocks python from duing unlink on wicd.pid See (Attachment #521089 [details]) & (Attachment #521090 [details]) I executed - [root@laptop /]# grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol - [root@laptop /]# semodule -i mypol.pp To fix the ifconfig issue and I executed - [root@laptop /]# grep wicd /var/log/audit/audit.log | audit2allow -M mypol - [root@laptop /]# semodule -i mypol.pp To fix the unlink issue. Now I don't get any more alerts from SELinux, but in the wicd.log i now have this: (Attachment #521093 [details])
The problem is if you run wicd directly as unconfined_t it will create the content with the wrong label. If you later run it via the service it will transition to the correct label of the process and then blow up because the previous run of the process labeled files incorrectly. Daniel are you still running on F15 or have you upgraded? I think we can make this integration better in F16 and F17
No I switched to Ubuntu for now. I experienced this problems on to many packages, and not just Wicd. Will properly have a look at Fedora again at some point, have been using it since the very first version came out. But I need a working machine and do not have the patient to run debugging on almost every single package I install.
This is a general problem if you start services by hand. It means there is not a proper transition and a daemon ends up with unconfined_t domain. Then all objects (like pid, sock, log files) are created with bad labels. If you need to run a service by hande because you want to debug it, there is a way using runcon tool. For example # runcon -u system_u -r system_r -t initrc_t -- runcon -t sshd_t -- /usr/sbin/sshd -d -d -d If you see an issue with starting service and you use either service script on F15 or systemctl on F16+, then we need to see AVC msgs to fix them.