USERCTL=yes - ifup by non-privileged user AVCs.
Russell Coker
russell at coker.com.au
Sun Mar 14 07:53:22 UTC 2004
On Sat, 13 Mar 2004 07:10, Aleksey Nogin <aleksey at nogin.org> wrote:
> I have USERCTL=yes in my /etc/sysconfig/network-scripts/ifcfg-wvlan0 and
> I run "ifup wvlan0" as a non-privileged user. Of course, this generates
> a long list of AVC messages. Should there be some special policy
> provisions for the usernetctl?
>
> security_compute_sid: invalid context user_u:user_r:insmod_t for
> scontext=user_u:user_r:user_t tcontext=system_u:object_r:insmod_exec_t
> tclass=process
You just don't do such things as user_r, they should be done as sysadm_r.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the selinux
mailing list