SELinux is preventing /sbin/iwconfig from using the sys_module capability.

Daniel J Walsh dwalsh at redhat.com
Fri Apr 15 12:10:14 UTC 2011


On 04/14/2011 12:33 AM, Lawrence E Graves wrote:
> SELinux is preventing /sbin/iwconfig from using the sys_module capability.
> *****  Plugin sys_module (99.5 confidence) suggests  *************************
> If you do not believe that /sbin/iwconfig should be attempting to modify the kernel by loading a kernel module.
> Then a process might be attempting to hack into your system.
> Do
> contact your security administrator and report this issue.
> *****  Plugin catchall (1.49 confidence) suggests  ***************************
> If you believe that iwconfig should have the sys_module capability by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep iwconfig /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> Additional Information:
> Source Context                system_u:system_r:ifconfig_t:s0
> Target Context                system_u:system_r:ifconfig_t:s0
> Target Objects                Unknown [ capability ]
> Source                        iwconfig
> Source Path                   /sbin/iwconfig
> Port                          <Unknown>
> Host                          JesusChrist.localdomain
> Source RPM Packages           wireless-tools-29-5.1.fc12
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.9.7-37.fc14
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     JesusChrist.localdomain
> Platform                      Linux JesusChrist.localdomain
>                               2.6.35.12-88.fc14.x86_64 #1 SMP Thu Mar 31
>                               21:21:57 UTC 2011 x86_64 x86_64
> Alert Count                   20
> First Seen                    Mon 11 Apr 2011 03:29:46 PM MDT
> Last Seen                     Wed 13 Apr 2011 09:45:38 PM MDT
> Local ID                      813e4c2d-71c1-4f41-bf6b-2e882345860b
> Raw Audit Messages
> type=AVC msg=audit(1302752738.294:34808): avc:  denied  { sys_module } for  pid=6772 comm="iwconfig" capability=16  scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:system_r:ifconfig_t:s0 tclass=capability
> type=SYSCALL msg=audit(1302752738.294:34808): arch=x86_64 syscall=ioctl success=no exit=ENODEV a0=3 a1=8b06 a2=7fffca5234a0 a3=0 items=0 ppid=6761 pid=6772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iwconfig exe=/sbin/iwconfig subj=system_u:system_r:ifconfig_t:s0 key=(null)
> Hash: iwconfig,ifconfig_t,ifconfig_t,capability,sys_module
> audit2allow
> #============= ifconfig_t ==============
> allow ifconfig_t self:capability sys_module;
> audit2allow -R
> #============= ifconfig_t ==============
> allow ifconfig_t self:capability sys_module;
> 
> 
yum update.  This is dontaudited in the latest policy.

selinux-policy-3.9.7-39.fc14

It can safely be ignored, even though it looks pretty scary...