USERCTL=yes - ifup by non-privileged user AVCs.
Bill Nottingham
notting at redhat.com
Mon Mar 15 16:02:13 UTC 2004
Russell Coker (russell at coker.com.au) said:
> > I have USERCTL=yes in my /etc/sysconfig/network-scripts/ifcfg-wvlan0 and
> > I run "ifup wvlan0" as a non-privileged user. Of course, this generates
> > a long list of AVC messages. Should there be some special policy
> > provisions for the usernetctl?
> >
> > security_compute_sid: invalid context user_u:user_r:insmod_t for
> > scontext=user_u:user_r:user_t tcontext=system_u:object_r:insmod_exec_t
> > tclass=process
>
> You just don't do such things as user_r, they should be done as sysadm_r.
This breaks installed systems, though. I suppose usernetctl needs to
change roles.
Bill
More information about the selinux
mailing list