Red Hat Bugzilla – Bug 801895
SELinux is preventing /usr/sbin/NetworkManager from 'open' accesses on the fil /etc/sysctl.conf.
Last modified: 2012-04-22 14:31:32 EDT
libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.3.0-0.rc6.git0.2.fc17.x86_64 reason: SELinux is preventing /usr/sbin/NetworkManager from 'open' accesses on the fil /etc/sysctl.conf. time: fre 09 mar 2012 20:00:00 CET description: :SELinux is preventing /usr/sbin/NetworkManager from 'open' accesses on the fil /etc/sysctl.conf. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that NetworkManager should be allowed open access on the sysctl.conf file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:NetworkManager_t:s0 :Target Context system_u:object_r:system_conf_t:s0 :Target Objects /etc/sysctl.conf [ file ] :Source NetworkManager :Source Path /usr/sbin/NetworkManager :Port <Ukendt> :Host (removed) :Source RPM Packages NetworkManager-0.9.3.995-0.4.git20120302.fc17.x86_ : 64 :Target RPM Packages initscripts-9.34-3.fc17.x86_64 :Policy RPM selinux-policy-3.10.0-95.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.3.0-0.rc6.git0.2.fc17.x86_64 #1 SMP Mon Mar 5 : 16:54:07 UTC 2012 x86_64 x86_64 :Alert Count 2 :First Seen fre 09 mar 2012 09:01:31 CET :Last Seen fre 09 mar 2012 19:59:16 CET :Local ID 61f11c75-bde3-4263-ba88-2e74f491f3d8 : :Raw Audit Messages :type=AVC msg=audit(1331319556.910:45): avc: denied { open } for pid=640 comm="NetworkManager" name="sysctl.conf" dev="sda3" ino=2753322 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file : : :type=SYSCALL msg=audit(1331319556.910:45): arch=x86_64 syscall=open success=no exit=EACCES a0=4c6c82 a1=0 a2=0 a3=11 items=0 ppid=1 pid=640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null) : :Hash: NetworkManager,NetworkManager_t,system_conf_t,file,open : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied : :
Fixed in selinux-policy-3.10.0-97.fc17.noarch
selinux-policy-3.10.0-103.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-103.fc17
Package selinux-policy-3.10.0-104.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-104.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-4248/selinux-policy-3.10.0-104.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-104.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Any chance of getting this pushed to Fedora 16? Have all updates for FC16 been stopped?
Well, it should be in the stable repo.