SELinux is preventing /sbin/iwconfig from using the sys_module capability.
Lawrence E Graves
lgraves at risingstarmbc.com
Thu Apr 14 04:33:25 UTC 2011
SELinux is preventing /sbin/iwconfig from using the sys_module capability.
***** Plugin sys_module (99.5 confidence) suggests *************************
If you do not believe that /sbin/iwconfig should be attempting to modify the kernel by loading a kernel module.
Then a process might be attempting to hack into your system.
Do
contact your security administrator and report this issue.
***** Plugin catchall (1.49 confidence) suggests ***************************
If you believe that iwconfig should have the sys_module capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep iwconfig /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:ifconfig_t:s0
Target Context system_u:system_r:ifconfig_t:s0
Target Objects Unknown [ capability ]
Source iwconfig
Source Path /sbin/iwconfig
Port <Unknown>
Host JesusChrist.localdomain
Source RPM Packages wireless-tools-29-5.1.fc12
Target RPM Packages
Policy RPM selinux-policy-3.9.7-37.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name JesusChrist.localdomain
Platform Linux JesusChrist.localdomain
2.6.35.12-88.fc14.x86_64 #1 SMP Thu Mar 31
21:21:57 UTC 2011 x86_64 x86_64
Alert Count 20
First Seen Mon 11 Apr 2011 03:29:46 PM MDT
Last Seen Wed 13 Apr 2011 09:45:38 PM MDT
Local ID 813e4c2d-71c1-4f41-bf6b-2e882345860b
Raw Audit Messages
type=AVC msg=audit(1302752738.294:34808): avc: denied { sys_module } for pid=6772 comm="iwconfig" capability=16 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
type=SYSCALL msg=audit(1302752738.294:34808): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=3 a1=8b06 a2=7fffca5234a0 a3=0 items=0 ppid=6761 pid=6772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iwconfig exe=/sbin/iwconfig subj=system_u:system_r:ifconfig_t:s0 key=(null)
Hash: iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
audit2allow
#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;
audit2allow -R
#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;
More information about the test
mailing list