On Dec 15, 11:35 am, "Rambilas Varma" <[email protected]> wrote:
> Hi Sid,
>
> You can try the follwoing command
>
> # getsebool -a | grep usernetctl
> usernetctl_ .. = 0
> and more
getsebool -a does not yield anything called usernetctl
>
> there could be entries for the above policy
>
> #setsebool -P usernetctl_ .. 1
>
> All the best,
>
> Rambilas
>
> On Sun, Dec 14, 2008 at 7:12 AM, sid <[email protected]> wrote:
>
> > This is what I am getting : -
>
> > Summary
> > SELinux is preventing ifdown (hotplug_t) "getattr" to /usr/sbin/
> > usernetctl (usernetctl_exec_t). Detailed DescriptionSELinux denied
> > access requested by ifdown. It is not expected that this access is
> > required by ifdown and this access may signal an intrusion attempt. It
> > is also possible that the specific version or configuration of the
> > application is causing it to require additional access. Allowing
> > AccessSometimes labeling problems can cause SELinux denials. You could
> > try to restore the default system file context for /usr/sbin/
> > usernetctl, restorecon -v '/usr/sbin/usernetctl' If this does not
> > work, there is currently no automatic way to allow this access.
> > Instead, you can generate a local policy module to allow this access -
> > see FAQ Or you can disable SELinux protection altogether. Disabling
> > SELinux protection is not recommended. Please file a bug report
> > against this package.
>
> > Additional Information
>
> > Source Context: unconfined_u:system_r:hotplug_t:s0Target
> > Context: system_u:object_r:usernetctl_exec_t:s0Target Objects: /usr/
> > sbin/usernetctl [ file ]Source: ifupSource Path: /bin/
> > bashPort: <Unknown>Host: localhost.localdomainSource RPM
> > Packages: bash-3.2-29.fc10Target RPM
> > Packages: initscripts-8.86-1Policy RPM: selinux-
> > policy-3.5.13-18.fc10Selinux Enabled: TruePolicy Type: targetedMLS
> > Enabled: TrueEnforcing Mode: EnforcingPlugin
> > Name: catchall_fileHost Name: localhost.localdomainPlatform: Linux
> > localhost.localdomain 2.6.27.8 #2 SMP Sat Dec 13 11:34:17 IST 2008
> > x86_64 x86_64Alert Count: 2First Seen: Sun 14 Dec 2008 06:00:01 PM
> > ISTLast Seen: Sun 14 Dec 2008 06:00:01 PM ISTLocal ID: 8450ba92-
> > ea90-4d2e-8176-90f3ce6dab9fLine Numbers:
>
> > Raw Audit Messages :
> > node=localhost.localdomain type=AVC msg=audit(1229257801.88:38): avc:
> > denied { getattr } for pid=2275 comm="ifdown" path="/usr/sbin/
> > usernetctl" dev=sda1 ino=1041653
> > scontext=unconfined_u:system_r:hotplug_t:s0
> > tcontext=system_u:object_r:usernetctl_exec_t:s0 tclass=file
> > node=localhost.localdomain type=SYSCALL msg=audit(1229257801.88:38):
> > arch=c000003e syscall=4 success=no exit=-13 a0=1414f00 a1=7fff046b0560
> > a2=7fff046b0560 a3=7fff046b03a0 items=0 ppid=2251 pid=2275 auid=500
> > uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500
> > fsgid=500 tty=(none) ses=1 comm="ifdown" exe="/bin/bash"
> > subj=unconfined_u:system_r:hotplug_t:s0 key=(null)
>
> > On Dec 14, 7:58 am, "Rambilas Varma" <[email protected]> wrote:
> > > Hi Sid,
>
> > > can u send the ACL denial details so that the related SeLinux policy can
> > be
> > > enabled.
>
> > > Regards,
> > > Rambilas
>
> > > On Sun, Dec 14, 2008 at 7:56 AM, sid <[email protected]> wrote:
>
> > > > Hi!
> > > > I am using fedora 10. I am unable to connect to the internet using the
> > > > wireless module, because of selinux denial. I tried disabling selinux
> > > > using the file /etc/selinux/config, but the problem is still there.
> > > > Kindly help.
>
>
I finally disabled selinux by passing selinux=0 as kernel boot
parameter. Now the wireless is working just fine.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Linux Users Group.
To post a message, send email to [email protected]
To unsubscribe, send email to [email protected]
For more options, visit our group at
http://groups.google.com/group/linuxusersgroup
-~----------~----~----~----~------~----~------~--~---
