Description of problem:
on boot

SELinux is preventing /usr/libexec/nm-dhcp-helper from 'write' accesses on the sock_file private-dhcp.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that nm-dhcp-helper should be allowed write access on the private-dhcp sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep nm-dhcp-helper /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:dhcpc_t:s0
Target Context                system_u:object_r:NetworkManager_var_run_t:s0
Target Objects                private-dhcp [ sock_file ]
Source                        nm-dhcp-helper
Source Path                   /usr/libexec/nm-dhcp-helper
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           NetworkManager-0.9.9.0-2.git20130515.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-44.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 3.10.0-0.rc1.git4.1.fc20.x86_64 #1 SMP Wed May 15 12:35:57 UTC 2013 x86_64 x86_64
Alert Count                   30
First Seen                    2013-05-15 19:06:18 CEST
Last Seen                     2013-05-15 19:10:09 CEST
Local ID                      52ecb006-817f-444d-aa25-577cf39d192f

Raw Audit Messages
type=AVC msg=audit(1368637809.944:126): avc: denied { write } for pid=2819 comm="nm-dhcp-helper" name="private-dhcp" dev="tmpfs" ino=47043 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1368637809.944:126): avc: denied { connectto } for pid=2819 comm="nm-dhcp-helper" path="/run/NetworkManager/private-dhcp" scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:system_r:NetworkManager_t:s0 tclass=unix_stream_socket

type=SYSCALL msg=audit(1368637809.944:126): arch=x86_64 syscall=connect success=yes exit=0 a0=3 a1=7fff20a0c5b0 a2=26 a3=7fff20a0c360 items=0 ppid=2817 pid=2819 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=nm-dhcp-helper exe=/usr/libexec/nm-dhcp-helper subj=system_u:system_r:dhcpc_t:s0 key=(null)

Hash: nm-dhcp-helper,dhcpc_t,NetworkManager_var_run_t,sock_file,write

audit2allow

#============= dhcpc_t ==============
allow dhcpc_t NetworkManager_t:unix_stream_socket connectto;
allow dhcpc_t NetworkManager_var_run_t:sock_file write;

audit2allow -R
require {
	type dhcpc_t;
	type NetworkManager_t;
	type NetworkManager_var_run_t;
	class sock_file write;
	class unix_stream_socket connectto;
}

#============= dhcpc_t ==============
allow dhcpc_t NetworkManager_t:unix_stream_socket connectto;
allow dhcpc_t NetworkManager_var_run_t:sock_file write;

Additional info:
reporter:       libreport-2.1.4
hashmarkername: setroubleshoot
kernel:         3.10.0-0.rc1.git4.1.fc20.x86_64
type:           libreport

commit 715c20092bb6e7761af34db67300028a1514f031
Author: Miroslav Grepl <mgrepl>
Date:   Thu May 16 13:54:57 2013 +0200

    Allow nm-dhcp-helper to stream connect to NM