AVCs on bringing up a network device via hotplug.
Aleksey Nogin
aleksey at nogin.org
Thu Mar 11 15:38:40 UTC 2004
audit(1079019200.094:0): avc: denied { net_admin } for pid=18206
exe=/sbin/nameif capability=12 scontext=system_u:system_r:hotplug_t
tcontext=system_u:system_r:hotplug_t tclass=capability
audit(1079019200.519:0): avc: denied { getattr } for pid=18144
exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.521:0): avc: denied { write } for pid=18221
exe=/bin/bash name=etc dev=hda2 ino=228929
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t
tclass=dir
audit(1079019200.521:0): avc: denied { add_name } for pid=18221
exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t
tclass=dir
audit(1079019200.521:0): avc: denied { create } for pid=18221
exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t
tclass=file
audit(1079019200.541:0): avc: denied { read } for pid=18221
exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.542:0): avc: denied { search } for pid=17337
exe=/usr/bin/fam name=sys dev= ino=4120
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:sysctl_t tclass=dir
audit(1079019200.542:0): avc: denied { getattr } for pid=17337
exe=/usr/bin/fam path=/etc/mtab dev=hda2 ino=229229
scontext=system_u:system_r:inetd_child_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1079019200.572:0): avc: denied { write } for pid=18221
exe=/bin/grep path=/etc/dhclient-wvlan0.conf.ifupnew dev=hda2
ino=2191270 scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:etc_t tclass=file
audit(1079019200.574:0): avc: denied { write } for pid=18222
exe=/bin/bash name=dhclient.conf dev=hda2 ino=231943
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.580:0): avc: denied { remove_name } for pid=18223
exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t
tclass=dir
audit(1079019200.580:0): avc: denied { unlink } for pid=18223
exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t
tclass=file
audit(1079019200.778:0): avc: denied { dac_override } for pid=18241
exe=/bin/bash capability=1 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:system_r:dhcpc_t tclass=capability
audit(1079019203.873:0): avc: denied { fsetid } for pid=18339
exe=/bin/chmod capability=4 scontext=system_u:system_r:dhcpc_t
tcontext=system_u:system_r:dhcpc_t tclass=capability
% ls --context /etc/dhclient*
-rw-r--r--+ root root system_u:object_r:dhcp_etc_t /etc/dhclient.conf
lrwxrwxrwx root root system_u:object_r:etc_t /etc/dhclient-eth0.conf -> dhclient.conf
lrwxrwxrwx root root system_u:object_r:etc_t /etc/dhclient-wvlan0.conf -> dhclient.conf
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907