systemd or selinux problem? CAP_SYS_MODULE/CAP_NET_ADMIN

Ian Malone ibmalone at gmail.com
Sun Nov 20 00:09:26 UTC 2011 

On 19 November 2011 18:38, Deron Meranda <deron.meranda at gmail.com> wrote:
> On Sat, Nov 19, 2011 at 9:42 AM, Ian Malone <ibmalone at gmail.com> wrote:
>> I've got quite a few of these during boot, anyone know what might be the cause?
>>
>> Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).
>> Use CAP_NET_ADMIN and alias X instead.
>>
>> Where X includes netdev-snd_ice1724, netdev-snd_ac97_codec, netdev-fat,
>> netdev-vfat, netdev-bluetooth, netdev-nf_conntrack and others. Think
>> they may all be netdev-. I've tried an autorelabel in case it's a
>> labelling issue.
>
> This sounds like neither a systemd nor an SELinux issue.  Are you
> seeing anything more specific, like an AVC error?
>

No I'm not, two unrelated sealerts (gnome-session-check-accel,
/bin/mailx). I know there's a systemd unit (or appears to be) to load
kernel modules, I was wondering if this was responsible for attempting
to load these with the wrong context.

> Anyway the CAP_* symbols refer to the kernel "capabilities" (do a man
> capabilities). These are kernel-level security features, but unrelated
> to SELinux.
>

Interesting, thanks.

> The output of lsmod may also help somebody who's more familiar with this.
>
>

lsmod
Module                  Size  Used by
sunrpc                200079  1
cpufreq_ondemand        5934  4
powernow_k8            21534  0
mperf                   1449  1 powernow_k8
bnep                   14635  2
bluetooth             191587  7 bnep
nf_conntrack_ipv4       8358  5
nf_defrag_ipv4          1513  1 nf_conntrack_ipv4
ip6t_REJECT             3992  2
nf_conntrack_ipv6       7730  5
nf_defrag_ipv6          9083  1 nf_conntrack_ipv6
xt_state                1306  10
nf_conntrack           67613  3 nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
ip6table_filter         1655  1
ip6_tables             16908  1 ip6table_filter
scsi_wait_scan           789  0
arc4                    1417  2
rt2500pci              16085  0
rt2x00pci               5768  1 rt2500pci
rt2x00lib              46198  2 rt2500pci,rt2x00pci
mac80211              247272  2 rt2x00pci,rt2x00lib
nvidia              11693990  40
vfat                    8616  1
fat                    44881  1 vfat
snd_ice1724           113708  2
snd_ice17xx_ak4xxx      2720  1 snd_ice1724
snd_ac97_codec        115725  1 snd_ice1724
ac97_bus                1314  1 snd_ac97_codec
snd_ak4xxx_adda         8120  2 snd_ice1724,snd_ice17xx_ak4xxx
snd_ak4114              7843  1 snd_ice1724
snd_pt2258              3048  1 snd_ice1724
snd_i2c                 4582  2 snd_ice1724,snd_pt2258
snd_ak4113              7726  1 snd_ice1724
snd_usb_audio         104267  1
snd_seq                52322  0
snd_pcm                78520  5
snd_ice1724,snd_ac97_codec,snd_ak4114,snd_ak4113,snd_usb_audio
uvcvideo               57089  0
videodev               72120  1 uvcvideo
fuse                   62445  5
snd_hwdep               6328  1 snd_usb_audio
forcedeth              47520  0
media                  11611  2 uvcvideo,videodev
snd_usbmidi_lib        18087  1 snd_usb_audio
cfg80211              148145  2 rt2x00lib,mac80211
snd_timer              19372  2 snd_seq,snd_pcm
snd_rawmidi            20208  2 snd_ice1724,snd_usbmidi_lib
snd_seq_device          5941  2 snd_seq,snd_rawmidi
joydev                  9615  0
v4l2_compat_ioctl32     7377  1 videodev
snd                    63380  21
snd_ice1724,snd_ac97_codec,snd_ak4xxx_adda,snd_ak4114,snd_pt2258,snd_i2c,snd_ak4113,snd_usb_audio,snd_seq,snd_pcm,snd_hwdep,snd_usbmidi_lib,snd_timer,snd_rawmidi,snd_seq_device
xpad                   10582  0
nv_tco                  5352  0
i2c_nforce2             5918  0
asus_atk0110           12395  0
rfkill                 16436  4 bluetooth,cfg80211
k10temp                 3295  0
i2c_core               25712  3 nvidia,videodev,i2c_nforce2
soundcore               6267  1 snd
eeprom_93cx6            1647  1 rt2500pci
snd_page_alloc          7343  1 snd_pcm
ppdev                   7508  0
parport_pc             21184  0
parport                32342  2 ppdev,parport_pc
edac_core              40186  0
edac_mce_amd           13234  0
microcode              18587  0
ipv6                  284762  41 ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6
ata_generic             3635  0
pata_amd               11200  3
pata_acpi               3419  0
sata_nv                20272  1

Modules not affected by this:
cpufreq_ondemand
nf_conntrack_ipv4
nf_conntrack_ipv6
snd_ice17xx_ak4xxx
snd_rawmidi
snd_seq_device
joydev
v4l2_compat_ioctl32
xpad
nv_tco
i2c_nforce2
asus_atk0110
rfkill
k10temp
i2c_core
soundcore
eeprom_93cx6
snd_page_alloc
ppdev
parport_pc
parport
edac_core
edac_mce_amd
microcode
ata_generic
pata_amd
pata_acpi
sata_nv

Modules complained about (with netdev- prefix):
ac97_bus
arc4
bluetooth
bnep
cfg80211
fat
forcedeth
fuse
ip6table_filter
ip6_tables
ip6t_REJECT
mac80211
media
mperf
nf_conntrack
nf_defrag_ipv4
nf_defrag_ipv6
nvidia
powernow_k8
rt2500pci
rt2x00lib
rt2x00pci
scsi_wait_scan
snd
snd_ac97_codec
snd_ak4113
snd_ak4114
snd_ak4xxx_adda
snd_hwdep
snd_i2c
snd_ice1724
snd_pcm
snd_pt2258
snd_seq
snd_timer
snd_usb_audio
snd_usbmidi_lib
sunrpc
uvcvideo
vfat
videodev
xt_state

-- 
imalone

More information about the users mailing list