Hi Sid, You can try the follwoing command
# getsebool -a | grep usernetctl usernetctl_ .. = 0 and more there could be entries for the above policy #setsebool -P usernetctl_ .. 1 All the best, Rambilas On Sun, Dec 14, 2008 at 7:12 AM, sid <[email protected]> wrote: > > This is what I am getting : - > > Summary > SELinux is preventing ifdown (hotplug_t) "getattr" to /usr/sbin/ > usernetctl (usernetctl_exec_t). Detailed DescriptionSELinux denied > access requested by ifdown. It is not expected that this access is > required by ifdown and this access may signal an intrusion attempt. It > is also possible that the specific version or configuration of the > application is causing it to require additional access. Allowing > AccessSometimes labeling problems can cause SELinux denials. You could > try to restore the default system file context for /usr/sbin/ > usernetctl, restorecon -v '/usr/sbin/usernetctl' If this does not > work, there is currently no automatic way to allow this access. > Instead, you can generate a local policy module to allow this access - > see FAQ Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. Please file a bug report > against this package. > > Additional Information > > Source Context: unconfined_u:system_r:hotplug_t:s0Target > Context: system_u:object_r:usernetctl_exec_t:s0Target Objects: /usr/ > sbin/usernetctl [ file ]Source: ifupSource Path: /bin/ > bashPort: <Unknown>Host: localhost.localdomainSource RPM > Packages: bash-3.2-29.fc10Target RPM > Packages: initscripts-8.86-1Policy RPM: selinux- > policy-3.5.13-18.fc10Selinux Enabled: TruePolicy Type: targetedMLS > Enabled: TrueEnforcing Mode: EnforcingPlugin > Name: catchall_fileHost Name: localhost.localdomainPlatform: Linux > localhost.localdomain 2.6.27.8 #2 SMP Sat Dec 13 11:34:17 IST 2008 > x86_64 x86_64Alert Count: 2First Seen: Sun 14 Dec 2008 06:00:01 PM > ISTLast Seen: Sun 14 Dec 2008 06:00:01 PM ISTLocal ID: 8450ba92- > ea90-4d2e-8176-90f3ce6dab9fLine Numbers: > > Raw Audit Messages : > node=localhost.localdomain type=AVC msg=audit(1229257801.88:38): avc: > denied { getattr } for pid=2275 comm="ifdown" path="/usr/sbin/ > usernetctl" dev=sda1 ino=1041653 > scontext=unconfined_u:system_r:hotplug_t:s0 > tcontext=system_u:object_r:usernetctl_exec_t:s0 tclass=file > node=localhost.localdomain type=SYSCALL msg=audit(1229257801.88:38): > arch=c000003e syscall=4 success=no exit=-13 a0=1414f00 a1=7fff046b0560 > a2=7fff046b0560 a3=7fff046b03a0 items=0 ppid=2251 pid=2275 auid=500 > uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 > fsgid=500 tty=(none) ses=1 comm="ifdown" exe="/bin/bash" > subj=unconfined_u:system_r:hotplug_t:s0 key=(null) > > On Dec 14, 7:58 am, "Rambilas Varma" <[email protected]> wrote: > > Hi Sid, > > > > can u send the ACL denial details so that the related SeLinux policy can > be > > enabled. > > > > Regards, > > Rambilas > > > > On Sun, Dec 14, 2008 at 7:56 AM, sid <[email protected]> wrote: > > > > > Hi! > > > I am using fedora 10. I am unable to connect to the internet using the > > > wireless module, because of selinux denial. I tried disabling selinux > > > using the file /etc/selinux/config, but the problem is still there. > > > Kindly help. > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
