Daniel J Walsh wrote:
Farkas Levente wrote:
> hi,
> a few problems with the latest policy file.
> allow dhcpc_t etc_t:file { unlink write };
restorecon /etc/resolv.conf*
there are a few more strange things. first of all there is no restorecon,
so i install policycoreutils (but it can be another bug since how is it
possible that policycoreutils is not among the required packages?)
anyway this does not change anything so probably this won't solve the problem:
-----------------------------------------
[root@eagle ~]# ls -aZ /etc/resolv.conf*
-rw-rw-r-- root root /etc/resolv.conf
-rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.bak
-rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.predhclient
[root@eagle ~]# restorecon /etc/resolv.conf*
[root@eagle ~]# ls -aZ /etc/resolv.conf*
-rw-rw-r-- root root /etc/resolv.conf
-rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.bak
-rw-rw-r-- root root user_u:object_r:file_t /etc/resolv.conf.predhclient
-----------------------------------------
> allow ifconfig_t initrc_t:udp_socket { read write };
No idea what is causing this.
when i got it i issue an ifdown eth0; ifup eth0 and from the log file it
seems there is an awk somewhere in ifdown or ifup...
> ------------------------------------------
> and here is the relevant part of the log file
> ------------------------------------------
> audit(1121423510.841:2): avc: denied { read write } for pid=2215
> comm="ip" name="[6542]" dev=sockfs ino=6542
> scontext=system_u:system_r:ifconfig_t
> tcontext=system_u:system_r:initrc_t tclass=udp_socket
> audit(1121423510.846:3): avc: denied { read write } for pid=2218
> comm="ip" name="[6542]" dev=sockfs ino=6542
> scontext=system_u:system_r:ifconfig_t
> tcontext=system_u:system_r:initrc_t tclass=udp_socket
> audit(1121423655.473:4): avc: denied { write } for pid=2888
> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> audit(1121423655.473:5): avc: denied { unlink } for pid=2888
> comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
> scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
> audit(1121423736.907:6): avc: denied { ioctl } for pid=2982
> comm="awk" name="state" dev=proc ino=-268434831
> scontext=system_u:system_r:apmd_t tcontext=system_u:object_r:proc_t
> tclass=file
> ------------------------------------------
> yours.
>
--
Levente "Si vis pacem para bellum!"
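
The allow rules quoted in this thread correspond one-to-one to the AVC denials in the log. As an added example (not written by anyone in the thread), this Python code parses wrapped AVC records and groups them into that rule form; the log lines are copied from the message above, and the function names are this example's own.

```python
import re
from collections import defaultdict

# AVC records copied from the log in the message above (mail wrapping kept).
SAMPLE_LOG = """\
audit(1121423510.841:2): avc: denied { read write } for pid=2215
comm="ip" name="[6542]" dev=sockfs ino=6542
scontext=system_u:system_r:ifconfig_t
tcontext=system_u:system_r:initrc_t tclass=udp_socket
audit(1121423655.473:4): avc: denied { write } for pid=2888
comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
audit(1121423655.473:5): avc: denied { unlink } for pid=2888
comm="cp" name="resolv.conf.predhclient" dev=hda2 ino=3997781
scontext=root:system_r:dhcpc_t tcontext=root:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)",
    re.S)

def parse_denials(log_text):
    """Yield (source_type, target_type, class, perms) per AVC denial."""
    # Records may be wrapped or '>'-quoted; re-join, then split per record.
    flat = " ".join(line.lstrip("> ").strip() for line in log_text.splitlines())
    for record in re.split(r"(?=audit\()", flat):
        m = AVC_RE.search(record)
        if m:
            # A context is user:role:type; the type is the third field.
            stype = m["scon"].split(":")[2]
            ttype = m["tcon"].split(":")[2]
            yield stype, ttype, m["tclass"], m["perms"].split()

def summarize(log_text):
    """Group denials into the allow-rule form quoted in the thread."""
    grouped = defaultdict(set)
    for stype, ttype, tclass, perms in parse_denials(log_text):
        grouped[(stype, ttype, tclass)].update(perms)
    rules = []
    for (stype, ttype, tclass), perms in sorted(grouped.items()):
        rules.append(f"allow {stype} {ttype}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return rules

if __name__ == "__main__":
    for rule in summarize(SAMPLE_LOG):
        print(rule)
```

The output summarizes what was denied and is not by itself a policy recommendation; in this thread the dhcpc_t denial is answered with restorecon rather than with an allow rule.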