SELinux is preventing /sbin/iwconfig from using the sys_module capability.
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 15 12:10:14 UTC 2011
On 04/14/2011 12:33 AM, Lawrence E Graves wrote:
> SELinux is preventing /sbin/iwconfig from using the sys_module capability.
> ***** Plugin sys_module (99.5 confidence) suggests *************************
> If you do not believe that /sbin/iwconfig should be attempting to modify the kernel by loading a kernel module.
> Then a process might be attempting to hack into your system.
> Do
> contact your security administrator and report this issue.
> ***** Plugin catchall (1.49 confidence) suggests ***************************
> If you believe that iwconfig should have the sys_module capability by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep iwconfig /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> Additional Information:
> Source Context system_u:system_r:ifconfig_t:s0
> Target Context system_u:system_r:ifconfig_t:s0
> Target Objects Unknown [ capability ]
> Source iwconfig
> Source Path /sbin/iwconfig
> Port <Unknown>
> Host JesusChrist.localdomain
> Source RPM Packages wireless-tools-29-5.1.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.9.7-37.fc14
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name JesusChrist.localdomain
> Platform Linux JesusChrist.localdomain
> 2.6.35.12-88.fc14.x86_64 #1 SMP Thu Mar 31
> 21:21:57 UTC 2011 x86_64 x86_64
> Alert Count 20
> First Seen Mon 11 Apr 2011 03:29:46 PM MDT
> Last Seen Wed 13 Apr 2011 09:45:38 PM MDT
> Local ID 813e4c2d-71c1-4f41-bf6b-2e882345860b
> Raw Audit Messages
> type=AVC msg=audit(1302752738.294:34808): avc: denied { sys_module } for pid=6772 comm="iwconfig" capability=16 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
> type=SYSCALL msg=audit(1302752738.294:34808): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=3 a1=8b06 a2=7fffca5234a0 a3=0 items=0 ppid=6761 pid=6772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iwconfig exe=/sbin/iwconfig subj=system_u:system_r:ifconfig_t:s0 key=(null)
> Hash: iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
> audit2allow
> #============= ifconfig_t ==============
> allow ifconfig_t self:capability sys_module;
> audit2allow -R
> #============= ifconfig_t ==============
> allow ifconfig_t self:capability sys_module;
>
>
yum update. This is dontaudited in the latest policy.
selinux-policy-3.9.7-39.fc14
It can safely be ignored, even though it looks pretty scary...
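Added example (not part of either message, and not a Fedora or audit tool): it pairs each AVC denial with the SYSCALL record of the same audit event and rebuilds the allow rule that audit2allow printed in the report, so the denial can be read next to the call that triggered it. The first two sample records are the ones quoted above; the third record and the names `triage`, `fields` and `se_type` are constructed for illustration.

```python
import re
from collections import defaultdict

# First two records are the ones quoted in the report; the third is constructed.
SAMPLE = '''
type=AVC msg=audit(1302752738.294:34808): avc: denied { sys_module } for pid=6772 comm="iwconfig" capability=16 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
type=SYSCALL msg=audit(1302752738.294:34808): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=3 a1=8b06 a2=7fffca5234a0 a3=0 items=0 ppid=6761 pid=6772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iwconfig exe=/sbin/iwconfig subj=system_u:system_r:ifconfig_t:s0 key=(null)
type=AVC msg=audit(1302752800.100:34900): avc:  denied  { read open } for  pid=7001 comm="example" path="/tmp/constructed" scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
'''

HEAD = re.compile(r'^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """key=value pairs of one record body, quotes stripped."""
    return {k: v.strip('"') for k, v in KV.findall(text)}

def se_type(context):
    """Type field of a user:role:type:level SELinux context."""
    return context.split(':')[2]

def triage(log):
    """Pair each AVC denial with the SYSCALL record of the same audit event."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = HEAD.match(line.strip())
        if m:
            events[m.group(2)].append((m.group(1), m.group(3)))
    out = []
    for event_id, recs in events.items():
        # The SYSCALL record may be missing (not logged, or filtered out).
        sc = fields(next((b for t, b in recs if t == 'SYSCALL'), ''))
        for rtype, body in recs:
            m = AVC.search(body) if rtype == 'AVC' else None
            if not m:
                continue
            avc, perms = fields(m.group(2)), m.group(1).split()
            src, tgt = se_type(avc['scontext']), se_type(avc['tcontext'])
            perm = perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)
            out.append({
                'event': event_id, 'comm': avc.get('comm'),
                'syscall': sc.get('syscall'), 'exit': sc.get('exit'),
                # Same rule shape audit2allow prints; "self" when source == target.
                'rule': 'allow %s %s:%s %s;' % (
                    src, 'self' if src == tgt else tgt, avc['tclass'], perm),
            })
    return out

if __name__ == '__main__':
    for row in triage(SAMPLE):
        print(row)
```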