network-scripts problem
Rick Stevens
ricks at nerd.com
Tue Feb 17 18:06:48 UTC 2009
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
>> Dear fellow testers,
>>
>> I encountered network functions/network-scripts problem :(
>>
>> [root at localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>> [root at localhost ~]# restorecon -v 'network-scripts'
>> restorecon: stat error on network-scripts: No such file or directory
>> [root at localhost ~]# restorecon -v network-scripts
>> restorecon: stat error on network-scripts: No such file or directory
>> [root at localhost ~]# dhclient eth0
>> Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>> You have new mail in /var/spool/mail/root
>> [root at localhost ~]# service network status
>> Configured devices:
>> lo eth0 eth1
>> Currently active devices:
>> lo eth1 eth0
>> [root at localhost ~]# service network restart
>> Shutting down interface eth0: [ OK ]
>> Shutting down interface eth1: [ OK ]
>> Shutting down loopback interface: [ OK ]
>> Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
>> [ OK ]
>> Bringing up loopback interface: [ OK ]
>> Bringing up interface eth0:
>> Determining IP information for eth0...Missing /etc/sysconfig/network-scripts/network-functions, exiting.
>> ^C
>>
>> Got also greeted by selinux alert:
>>
>>
>> Summary:
>>
>> SELinux is preventing dhclient-script (dhcpc_t) "search" to network-scripts
>> (net_conf_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by dhclient-script. It is not expected that this
>> access is required by dhclient-script and this access may signal an intrusion
>> attempt. It is also possible that the specific version or configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You could try to restore
>> the default system file context for network-scripts,
>>
>> restorecon -v 'network-scripts'
>>
>> If this does not work, there is currently no automatic way to allow this access.
>> Instead, you can generate a local policy module to allow this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>> SELinux protection altogether. Disabling SELinux protection is not recommended.
>> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context unconfined_u:system_r:dhcpc_t:SystemLow-SystemHigh
>> Target Context system_u:object_r:net_conf_t
>> Target Objects network-scripts [ dir ]
>> Source dhclient-script
>> Source Path /bin/bash
>> Port <Unknown>
>> Host localhost
>> Source RPM Packages bash-4.0-0.4.rc1.fc11
>> Target RPM Packages
>> Policy RPM selinux-policy-3.6.6-1.fc11
>> Selinux Enabled True
>> Policy Type targeted
>> MLS Enabled True
>> Enforcing Mode Enforcing
>> Plugin Name catchall_file
>> Host Name localhost
>> Platform Linux localhost 2.6.29-0.124.rc5.fc11.i586 #1 SMP
>> Mon Feb 16 21:15:37 EST 2009 i686 athlon
>> Alert Count 3
>> First Seen Tue 17 Feb 2009 09:32:55 AM CST
>> Last Seen Tue 17 Feb 2009 09:33:55 AM CST
>> Local ID 878e2548-4687-45f0-8115-d40144370614
>> Line Numbers
>>
>> Raw Audit Messages
>>
>> node=localhost type=AVC msg=audit(1234884835.408:131): avc: denied { search } for pid=11969 comm="dhclient-script" name="network-scripts" dev=dm-0 ino=28344324 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:net_conf_t:s0 tclass=dir
>>
>> node=localhost type=SYSCALL msg=audit(1234884835.408:131): arch=40000003 syscall=195 success=no exit=-13 a0=8463100 a1=bfb25c2c a2=b45ff4 a3=8463102 items=0 ppid=11968 pid=11969 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient-script" exe="/bin/bash" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
>>
>>
>> I applied it, but did not work :(
>>
>> restorecon -v 'network-scripts'
>>
>>
>> Regards,
>>
>> Antonio
>>
>>
>>
>>
> Grab the latest policy out of koji. this should be fixed.
That's irrelevant if the network-scripts file is missing (which his
error messages indicate).
Antonio, somehow you killed a HUGE part of the network setup stuff.
You'll need to reinstall the initscripts RPM to get it back.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks at nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- To err is human. To forgive, a large sum of money is needed. -
----------------------------------------------------------------------
More information about the users
mailing list