AVCs on bringing up a network device via hotplug.

Aleksey Nogin aleksey at nogin.org
Thu Mar 11 15:38:40 UTC 2004


audit(1079019200.094:0): avc:  denied  { net_admin } for  pid=18206 exe=/sbin/nameif capability=12 scontext=system_u:system_r:hotplug_t tcontext=system_u:system_r:hotplug_t tclass=capability
audit(1079019200.519:0): avc:  denied  { getattr } for  pid=18144 exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.521:0): avc:  denied  { write } for  pid=18221 exe=/bin/bash name=etc dev=hda2 ino=228929 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=dir
audit(1079019200.521:0): avc:  denied  { add_name } for  pid=18221 exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=dir
audit(1079019200.521:0): avc:  denied  { create } for  pid=18221 exe=/bin/bash name=dhclient-wvlan0.conf.ifupnew scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=file
audit(1079019200.541:0): avc:  denied  { read } for  pid=18221 exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.542:0): avc:  denied  { search } for  pid=17337 exe=/usr/bin/fam name=sys dev= ino=4120 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:sysctl_t tclass=dir
audit(1079019200.542:0): avc:  denied  { getattr } for  pid=17337 exe=/usr/bin/fam path=/etc/mtab dev=hda2 ino=229229 scontext=system_u:system_r:inetd_child_t tcontext=system_u:object_r:etc_runtime_t tclass=file
audit(1079019200.572:0): avc:  denied  { write } for  pid=18221 exe=/bin/grep path=/etc/dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=file
audit(1079019200.574:0): avc:  denied  { write } for  pid=18222 exe=/bin/bash name=dhclient.conf dev=hda2 ino=231943 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.580:0): avc:  denied  { remove_name } for  pid=18223 exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=dir
audit(1079019200.580:0): avc:  denied  { unlink } for  pid=18223 exe=/bin/rm name=dhclient-wvlan0.conf.ifupnew dev=hda2 ino=2191270 scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:etc_t tclass=file
audit(1079019200.778:0): avc:  denied  { dac_override } for  pid=18241 exe=/bin/bash capability=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability
audit(1079019203.873:0): avc:  denied  { fsetid } for  pid=18339 exe=/bin/chmod capability=4 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability

% ls --context /etc/dhclient*
-rw-r--r--+ root     root     system_u:object_r:dhcp_etc_t /etc/dhclient.conf
lrwxrwxrwx  root     root     system_u:object_r:etc_t      /etc/dhclient-eth0.conf -> dhclient.conf
lrwxrwxrwx  root     root     system_u:object_r:etc_t      /etc/dhclient-wvlan0.conf -> dhclient.conf

-- 
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
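An added triage helper, not part of Aleksey's post or of the SELinux tools: it parses AVC denial records in the format shown above, tolerating the line wrapping that mailers introduce, and groups the denied permissions by (scontext, tcontext, tclass), which is the tuple a policy maintainer looks at to decide whether a denial points to a mislabelled file (here the dhclient-*.conf symlinks in etc_t next to dhclient.conf in dhcp_etc_t) or to a missing domain rule. The sample input is three records copied from the post, with trailing whitespace removed.

```python
import re
from collections import defaultdict

# Sample AVC records copied from the post above (email-wrapped, so one
# record spans several physical lines).  Test input only.
SAMPLE_LOG = """\
audit(1079019200.094:0): avc:  denied  { net_admin } for  pid=18206
exe=/sbin/nameif capability=12 scontext=system_u:system_r:hotplug_t
tcontext=system_u:system_r:hotplug_t tclass=capability
audit(1079019200.519:0): avc:  denied  { getattr } for  pid=18144
exe=/bin/bash path=/etc/dhclient.conf dev=hda2 ino=231943
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
audit(1079019200.541:0): avc:  denied  { read } for  pid=18221
exe=/bin/grep name=dhclient.conf dev=hda2 ino=231943
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:dhcp_etc_t tclass=file
"""

# audit(<secs>.<usec>:<serial>): avc:  <verdict>  { <perms> } for  <key=value ...>
AVC_RE = re.compile(
    r"audit\((?P<ts>[\d.]+):\d+\): avc:\s+(?P<verdict>denied|granted)\s+"
    r"\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<kv>.*)"
)

def unwrap(text):
    """Rejoin wrapped lines so that every record starts with 'audit(' and is one line."""
    records = []
    for line in text.splitlines():
        if line.startswith("audit("):
            records.append(line.rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return a dict of the record's key=value fields plus ts, verdict and perms."""
    m = AVC_RE.match(record)
    if not m:
        return None
    # 'dev=' with an empty value (as in the fam record) parses as dev -> ''.
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    fields.update(ts=float(m.group("ts")), verdict=m.group("verdict"),
                  perms=set(m.group("perms").split()))
    return fields

def summarize(text):
    """Map (scontext, tcontext, tclass) -> set of denied permissions."""
    summary = defaultdict(set)
    for rec in unwrap(text):
        f = parse_avc(rec)
        if f and f["verdict"] == "denied":
            summary[(f["scontext"], f["tcontext"], f["tclass"])] |= f["perms"]
    return dict(summary)
```

Running summarize over the full log in the post shows hotplug_t needing read/getattr on dhcp_etc_t files while it creates and removes files in etc_t, which is the labelling mismatch the ls output at the end makes visible.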
