Description of problem: Recieve SELinux alert upon boot Version-Release number of selected component (if applicable): selinux-policy-3.10.0-80.fc16.noarch How reproducible: Boot F16, everytime. Steps to Reproduce: 1.Boot PC 2. 3. Actual results: Expected results: Additional info: I have F16 KDE running with Updates-Testine enabled. After last update I get SELinux notification. SELinux is preventing NetworkManager from getattr access on the file /etc/sysctl.conf. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that NetworkManager should be allowed getattr access on the sysctl.conf file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:NetworkManager_t:s0 Target Context system_u:object_r:system_conf_t:s0 Target Objects /etc/sysctl.conf [ file ] Source NetworkManager Source Path NetworkManager Port <Unknown> Host fedora16dwkde Source RPM Packages Target RPM Packages initscripts-9.34.2-1.fc16.i686 Policy RPM selinux-policy-3.10.0-80.fc16.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name fedora16dwkde Platform Linux fedora16dwkde 3.3.0-8.fc16.i686.PAE #1 SMP Thu Mar 29 18:26:34 UTC 2012 i686 i686 Alert Count 1 First Seen Sun 01 Apr 2012 12:19:35 PM EDT Last Seen Sun 01 Apr 2012 12:19:35 PM EDT Local ID c5f812ac-c6fa-42c5-ab72-19b44bbbb667 Raw Audit Messages type=AVC msg=audit(1333297175.322:30): avc: denied { getattr } for pid=891 comm="NetworkManager" path="/etc/sysctl.conf" dev="sda2" ino=28989 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file Hash: NetworkManager,NetworkManager_t,system_conf_t,file,getattr audit2allow #============= NetworkManager_t ============== allow NetworkManager_t system_conf_t:file getattr; audit2allow -R #============= NetworkManager_t ============== allow NetworkManager_t system_conf_t:file getattr; Using the workaround listed, the problem persists. I've tried 3 times now. Workaround used: # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Fixed in selinux-policy-3.10.0-81.fc16 You can download these packages from koji http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.10.0/81.fc16/noarch/selinux-policy-3.10.0-81.fc16.noarch.rpm http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.10.0/81.fc16/noarch/selinux-policy-targeted-3.10.0-81.fc16.noarch.rpm
Thank you. Although I got this error upon installation: Updating : selinux-policy-3.10.0-81.fc16.noarch 1/4 /usr/share/selinux/devel/include/apps/jockey.if: Syntax error on line 13111 jockey_cache_t [type=IDENTIFIER] And upon reboot the notification persisted. Using the workaround: # grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Solved the problem.
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
Thank You No errors to report. Works well, on both the laptop and desktop.
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.