Re: Alert from turning off/on wireless
On Sun, 2012-03-11 at 12:09 -0500, Steven Stern wrote:
> On my (very old) laptop, I turned off the wireless (via the hardware
> switch) then turned it back on, generating an alert. This action
> should be allowed by the default policy. (Fedora 17)
>
>
> SELinux is preventing NetworkManager from read access on the file
> /etc/sysctl.conf.
>
> * Plugin catchall (100. confidence) suggests
> ***
>
> If you believe that NetworkManager should be allowed read access on
> the sysctl.conf file by default.
> Then you should report this as a bug.

^^ That's what you want to do. The sealert wizard lets you file a denial
as a bug. Do that, include your explanation in the bug, and you'll get a
response very quickly - SELinux team is very efficient at handling
these. Thanks for the report!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
test mailing list
test@lists.fedoraproject.org
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test

Re: Alert from turning off/on wireless
On Sun, Mar 11, 2012 at 10:09 AM, Steven Stern wrote:
> On my (very old) laptop, I turned off the wireless (via the hardware
> switch) then turned it back on, generating an alert. This action
> should be allowed by the default policy. (Fedora 17)
>
>
> SELinux is preventing NetworkManager from read access on the file
> /etc/sysctl.conf.

This is already fixed in git:
https://bugzilla.redhat.com/show_bug.cgi?id=799591

-T.C.

Alert from turning off/on wireless
On my (very old) laptop, I turned off the wireless (via the hardware
switch) then turned it back on, generating an alert. This action
should be allowed by the default policy. (Fedora 17)

SELinux is preventing NetworkManager from read access on the file
/etc/sysctl.conf.

* Plugin catchall (100. confidence) suggests ***

If you believe that NetworkManager should be allowed read access on
the sysctl.conf file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep NetworkManager /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                system_u:object_r:system_conf_t:s0
Target Objects                /etc/sysctl.conf [ file ]
Source                        NetworkManager
Source Path                   NetworkManager
Port
Host                          sdssony.sterndata.local
Source RPM Packages
Target RPM Packages           initscripts-9.35-1.fc17.i686
Policy RPM                    selinux-policy-3.10.0-95.fc17.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     sdssony.sterndata.local
Platform                      Linux sdssony.sterndata.local
                              3.3.0-0.rc6.git0.2.fc17.i686.PAE #1 SMP Mon
                              Mar 5 17:02:45 UTC 2012 i686 i686
Alert Count                   3
First Seen                    Sat 10 Mar 2012 05:46:38 PM CST
Last Seen                     Sun 11 Mar 2012 09:03:09 AM CDT
Local ID                      dcb10873-6853-4f15-b7ad-98be5dca0afb

Raw Audit Messages
type=AVC msg=audit(1331474589.552:82): avc: denied { read } for pid=581 comm="NetworkManager" name="sysctl.conf" dev="sda5" ino=2360124 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:system_conf_t:s0 tclass=file

Hash: NetworkManager,NetworkManager_t,system_conf_t,file,read

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied
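
Added example, not part of the original post and not code from sealert or audit2allow: a small Python parser for the raw AVC record quoted in the report. It derives the five fields shown on the report's Hash: line and the type-enforcement rule the denial corresponds to, so the rule can be read before any local module is loaded. The function names are assumptions made for this example; the sample record is the one from the report.

```python
import re

# Sample input: the raw AVC record quoted in the report above.
SAMPLE = ('type=AVC msg=audit(1331474589.552:82): avc: denied { read } for pid=581 '
          'comm="NetworkManager" name="sysctl.conf" dev="sda5" ino=2360124 '
          'scontext=system_u:system_r:NetworkManager_t:s0 '
          'tcontext=system_u:object_r:system_conf_t:s0 tclass=file')

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*avc:\s+'
                    r'(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other record types."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"serial": int(m["serial"]), "result": m["result"], "perms": m["perms"].split()}
    for key, quoted, bare in FIELD_RE.findall(m["rest"]):
        rec[key] = quoted or bare
    return rec

def context_type(context):
    """Type is the third field of user:role:type:level; the level may itself contain colons."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def denial_key(rec):
    """Same five fields, in the same order, as the Hash: line in the report."""
    return ",".join([rec["comm"], context_type(rec["scontext"]),
                     context_type(rec["tcontext"]), rec["tclass"], *rec["perms"]])

def allow_rules(lines):
    """Merge denials per (source type, target type, class) into allow rules for review."""
    merged = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        key = (context_type(rec["scontext"]), context_type(rec["tcontext"]), rec["tclass"])
        merged.setdefault(key, set()).update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        perm = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm};")
    return rules

if __name__ == "__main__":
    print(denial_key(parse_avc(SAMPLE)))
    print("\n".join(allow_rules([SAMPLE])))
```

The grep in the suggested command selects every audit line mentioning NetworkManager, so the resulting module can grant more than this one denial; running the same lines through allow_rules lists each rule that would be included.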