SELinux is preventing /sbin/iwconfig from using the sys_module capability.

Lawrence E Graves lgraves at risingstarmbc.com
Thu Apr 14 04:33:25 UTC 2011 

SELinux is preventing /sbin/iwconfig from using the sys_module capability.
*****  Plugin sys_module (99.5 confidence) suggests  *************************
If you do not believe that /sbin/iwconfig should be attempting to modify the kernel by loading a kernel module.
Then a process might be attempting to hack into your system.
Do
contact your security administrator and report this issue.
*****  Plugin catchall (1.49 confidence) suggests  ***************************
If you believe that iwconfig should have the sys_module capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep iwconfig /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context                system_u:system_r:ifconfig_t:s0
Target Context                system_u:system_r:ifconfig_t:s0
Target Objects                Unknown [ capability ]
Source                        iwconfig
Source Path                   /sbin/iwconfig
Port                          <Unknown>
Host                          JesusChrist.localdomain
Source RPM Packages           wireless-tools-29-5.1.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-37.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     JesusChrist.localdomain
Platform                      Linux JesusChrist.localdomain
                              2.6.35.12-88.fc14.x86_64 #1 SMP Thu Mar 31
                              21:21:57 UTC 2011 x86_64 x86_64
Alert Count                   20
First Seen                    Mon 11 Apr 2011 03:29:46 PM MDT
Last Seen                     Wed 13 Apr 2011 09:45:38 PM MDT
Local ID                      813e4c2d-71c1-4f41-bf6b-2e882345860b
Raw Audit Messages
type=AVC msg=audit(1302752738.294:34808): avc:  denied  { sys_module } for  pid=6772 comm="iwconfig" capability=16  scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
type=SYSCALL msg=audit(1302752738.294:34808): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=3 a1=8b06 a2=7fffca5234a0 a3=0 items=0 ppid=6761 pid=6772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iwconfig exe=/sbin/iwconfig subj=system_u:system_r:ifconfig_t:s0 key=(null)
Hash: iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
audit2allow
#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;
audit2allow -R
#============= ifconfig_t ==============
allow ifconfig_t self:capability sys_module;

More information about the test mailing list