trying to get new system to connect


Harold Smith
11th August 2009, 09:06 PM
I am trying to get my wife's new Fedora 10 machine to connect to the internet, with no success so far. When I try to activate the eth0, I immediately get an SELinux message (see below) but it keeps trying for many seconds before failing. The connection itself is good -- I am using the same cable and router port right now to send this from my computer.

The message from SELinux:

SELinux is preventing consoletype (consoletype_t) "read" to /var/lib/dhclient/dhclient-eth0.leases (dhcpc_state_t).

Detailed Description

SELinux denied access requested by consoletype. It is not expected that this access is required by consoletype and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/lib/dhclient/dhclient-eth0.leases,

restorecon -v '/var/lib/dhclient/dhclient-eth0.leases'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information

Source Context: unconfined_u:system_r:consoletype_t:s0
Target Context: unconfined_u:object_r:dhcpc_state_t:s0
Target Objects: /var/lib/dhclient/dhclient-eth0.leases [ file ]
Source: consoletype
Source Path: /sbin/consoletype
Port: <Unknown>
Host: janie1
Source RPM Packages: initscripts-8.86-1
Target RPM Packages:
Policy RPM: selinux-policy-3.5.13-18.fc10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: janie1
Platform: Linux janie1 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 athlon
Alert Count: 8
First Seen: Tue 11 Aug 2009 11:43:25 AM EDT
Last Seen: Tue 11 Aug 2009 03:44:25 PM EDT
Local ID: 26b90665-6860-4179-9e1a-aa5743f9e43e
Line Numbers:

Raw Audit Messages:

node=janie1 type=AVC msg=audit(1250019865.348:17): avc: denied { read } for pid=2947 comm="consoletype" path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=18735868 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file

node=janie1 type=SYSCALL msg=audit(1250019865.348:17): arch=40000003 syscall=11 success=yes exit=0 a0=8830228 a1=8833598 a2=882ffb0 a3=0 items=0 ppid=2946 pid=2947 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)

It also suggests I send a bug report, but I don't really know how to do that. Also, I noticed that the terminal will not start from Gnome, which may or may not be related.

Computer is an ASUS M2N68-AM SE2 mobo, with an AMD Phenom X4 9600 CPU and 2G RAM, built from a barebones kit. Fedora 10 was installed from a DVD that came with a Linux magazine, and is the same distribution my own computer started with. (It, too, refused to connect at first, but apparently fixed itself after a few days.)

Maybe I should just wait? Otherwise, what should I try?

Thanks

zackf
11th August 2009, 09:40 PM
It sounds like SElinux is getting in the way (as usual).

Under System > Administration > SElinux you can set the default Enforcing mode to Permissive and reboot, it should work for you then.

Harold Smith
11th August 2009, 10:54 PM

Still doesn't work. The error message (below) acknowledged that permission had changed.

Error message:

Summary

SELinux is preventing consoletype (consoletype_t) "read" to /var/lib/dhclient/dhclient-eth0.leases (dhcpc_state_t).

Detailed Description

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

SELinux denied access requested by consoletype. It is not expected that this access is required by consoletype and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access

Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/lib/dhclient/dhclient-eth0.leases,

restorecon -v '/var/lib/dhclient/dhclient-eth0.leases'

If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.

Additional Information

Source Context: unconfined_u:system_r:consoletype_t:s0
Target Context: unconfined_u:object_r:dhcpc_state_t:s0
Target Objects: /var/lib/dhclient/dhclient-eth0.leases [ file ]
Source: consoletype
Source Path: /sbin/consoletype
Port: <Unknown>
Host: janie1
Source RPM Packages: initscripts-8.86-1
Target RPM Packages:
Policy RPM: selinux-policy-3.5.13-18.fc10
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: catchall_file
Host Name: janie1
Platform: Linux janie1 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 athlon
Alert Count: 14
First Seen: Tue 11 Aug 2009 11:43:25 AM EDT
Last Seen: Tue 11 Aug 2009 05:46:24 PM EDT
Local ID: 26b90665-6860-4179-9e1a-aa5743f9e43e
Line Numbers:

Raw Audit Messages:

node=janie1 type=AVC msg=audit(1250027184.723:20): avc: denied { read } for pid=3095 comm="consoletype" path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=18735868 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file

node=janie1 type=SYSCALL msg=audit(1250027184.723:20): arch=40000003 syscall=11 success=yes exit=0 a0=8d94228 a1=8d97598 a2=8d93fb0 a3=0 items=0 ppid=3094 pid=3095 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
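
As an added example (not part of any post in this thread): a short Python parser for the raw audit messages quoted in the two SELinux alerts above. It pairs each AVC record with the SYSCALL record that shares its audit event ID, so the denied permission and the outcome of the system call can be read side by side; the function names are this example's own.

```python
import re

# Raw audit records copied from the two alerts quoted in the thread.
RAW = [
    'node=janie1 type=AVC msg=audit(1250019865.348:17): avc: denied { read } for pid=2947 comm="consoletype" path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=18735868 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file',
    'node=janie1 type=SYSCALL msg=audit(1250019865.348:17): arch=40000003 syscall=11 success=yes exit=0 a0=8830228 a1=8833598 a2=882ffb0 a3=0 items=0 ppid=2946 pid=2947 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)',
    'node=janie1 type=AVC msg=audit(1250027184.723:20): avc: denied { read } for pid=3095 comm="consoletype" path="/var/lib/dhclient/dhclient-eth0.leases" dev=dm-0 ino=18735868 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:dhcpc_state_t:s0 tclass=file',
    'node=janie1 type=SYSCALL msg=audit(1250027184.723:20): arch=40000003 syscall=11 success=yes exit=0 a0=8d94228 a1=8d97598 a2=8d93fb0 a3=0 items=0 ppid=3094 pid=3095 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
KEYVAL = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Turn one audit line into a dict; return None if it is not an audit record."""
    m = HEADER.search(line)
    if not m:
        return None
    rtype, stamp, serial, body = m.groups()
    rec = {k: v.strip('"') for k, v in KEYVAL.findall(body)}
    p = PERMS.search(body)
    if p:
        rec["result"], rec["perms"] = p.group(1), p.group(2).split()
    # Records of one event share the "timestamp:serial" id in msg=audit(...).
    rec["type"], rec["event"] = rtype, f"{stamp}:{serial}"
    return rec

def summarize(lines):
    """Group records by event id and return one summary per AVC denial."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["event"], {})[rec["type"]] = rec
    out = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc:
            continue
        out.append({
            "event": event_id,
            # A context is user:role:type:level; the type is what policy rules match.
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"], "perms": avc["perms"], "path": avc.get("path"),
            # arch=40000003 is 32-bit x86, where syscall 11 is execve.
            "syscall": sc.get("syscall"), "syscall_success": sc.get("success"),
            "exe": sc.get("exe"),
        })
    return out

if __name__ == "__main__":
    for s in summarize(RAW):
        print(s)
```

For both events the summary shows `consoletype_t` denied `read` on a `dhcpc_state_t` file while the paired system call reports `success=yes`.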

beaker_
11th August 2009, 11:05 PM
I don't know but try a relabel to make the warning go away

touch /.autorelabel
reboot

Late Edit: Scratch that, a quick google reveals it can be anything from your NIC's drivers to leak.

ryptyde
12th August 2009, 01:45 AM
You could try to restore the default system file context for /var/lib/dhclient/dhclient-eth0.leases, restorecon -v '/var/lib/dhclient/dhclient-eth0.leases' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended.

So did you try the recommended workaround: restorecon -v '/var/lib/dhclient/dhclient-eth0.leases' from a root terminal? Usually when SELinux throws a warning I try the recommended fix and it works, maybe worth a try. :)

PatMcLJr
12th August 2009, 11:31 AM
since it's new, put 11 on it or boot a LiveCD to see what happens

Pat Jr.

Harold Smith
14th August 2009, 08:27 PM
Thanks all, for the suggestions. I guess we'll spring for windows. It seems to me, though, that if Linux wants to be taken seriously as a mainstream OS, that some sort of automatic connection to the internet would be a no-brainer. I have now put 4 computers with Linux and two with windows on our little cable modem/ router network, and only the windows machines connected automatically. Three of the Linux boxes eventually connected, after much futzing about, and the fourth will become a windows machine instead.

pappo
17th August 2009, 02:08 AM
Don't give up on Linux just because you could not configure this machine. At home I have four machines all networked. Two have Linux (Ubuntu 9.04 and Fedora 11) and I had no problems connecting to the Web.

I found that my router provided sufficient security that I did not need SELinux. I went to System > Administration > SElinux and selected "DISABLED" to turn it off. Many things worked much better after that. I know SELinux is a great security tool, but for my home I did not need it and many programs ran much better without all the SELinux messages.

Like I said, don't write off Linux just because it was a little bit of a hassle getting something to work after a new install. Stick with these forums, they are a great source of help. I have never had a problem that was brand new. Someone else always had a similar issue and a forum post usually resolved it, or a Google search using the error message I had received.

Good luck

Phil

Harold Smith
17th August 2009, 08:56 PM
So I guess it is supposed to connect automatically. It still doesn't, so there is still a problem somewhere.

Per a debug page I found online, I tried ifconfig and got this:

[jane@janie1 ~]$ ifconfig
eth0      Link encap:Ethernet HWaddr 00:26:18:3A:67:0C
          inet6 addr: fe80::226:18ff:fe3a:670c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:15334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:952292 (929.9 KiB) TX bytes:6028 (5.8 KiB)
          Interrupt:23

eth1      Link encap:Ethernet HWaddr 00:06:4F:7E:22:53
          inet6 addr: fe80::206:4fff:fe7e:2253/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:22
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:5940 (5.8 KiB)
          Interrupt:19 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:800 (800.0 b) TX bytes:800 (800.0 b)

This looks to me like eth0 thinks it's connecting to something. For comparison, I tried ifconfig on my computer, which is connected, and got:

[harold.smith1@tinker2009 ~]$ ifconfig
eth0      Link encap:Ethernet HWaddr 00:23:54:C2:5B:31
          inet addr:72.15.122.64 Bcast:72.15.123.255 Mask:255.255.252.0
          inet6 addr: fe80::223:54ff:fec2:5b31/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:3800285 errors:0 dropped:0 overruns:0 frame:0
          TX packets:701488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1267587778 (1.1 GiB) TX bytes:87135571 (83.0 MiB)
          Interrupt:20 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:37812 (36.9 KiB) TX bytes:37812 (36.9 KiB)

They don't look all that different to me, so I can't diagnose from this, but maybe somebody else can.

The page also suggested looking at the ifcfg-eth0 file, which reads like this:

# nVidia Corporation MCP61 Ethernet
DEVICE=eth0:0
BOOTPROTO=dhcp
USERCTL=no
IPV6INIT=no
NM_CONTROLLED=no
TYPE=Ethernet
PEERDNS=yes
ONPARENT=no

Again, this does not mean anything to me, although it does not look much like the example.

Note that my wife's computer (the one that will not connect) has a second ethernet card, which I added in hopes that it might work where the card that is built into the motherboard did not. It did not seem to help, although since I added it, I have stopped getting error messages from SELinux every time I try to activate the card.

I am willing to try anything, but am not a software person, and do not really know what to try.

Thanks

zackf
17th August 2009, 10:07 PM
Hi Harold,

It looks to me like the computer that's connected has a static IP, are you using a router?

pappo
18th August 2009, 01:29 AM
Hi Harold
Did you disable SELinux like zackf and I suggested? You really don't need it for a home desktop system.

The machine you are having problems with is not being assigned an IP. Is your router doing the DHCP assignments?

The IP address your "tinker" machine has is not what you normally get from a store-bought router. Usually it assigns addresses in the 192.168.0.X range. You can change it to whatever range you want, but normally they default to the 192.168.0.X range.

Also there are some strange things on the machine you say is working.

This address: inet addr:72.15.122.64 Bcast:72.15.123.255 Mask:255.255.252.0 has some funny things going on.
Here is mine: inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
Notice how the first three parts (192.168.0) are the same in my IP and Broadcast. Yours should be also and your netmask should be 255.255.255.0

Normally your broadcast address is the first 3 doublets and ends with 255. Your broadcast address should be 72.15.122.255 to keep it in the same network.
Also the netmask for a normal network is usually 255.255.255.0

Can you give us a more detailed description, including model name/number of your home router and how your network is connected?

Also, are you using Gnome or KDE desktops?
Go to System -> Administration -> Network and when it opens, click Help --> About and tell us what it says. That is the program you should be using to set up your network if it didn't setup automatically. With that program you can select to either assign a DHCP address or a manual one.

On my home system I have 5 computers. My router is a D-Link 514 wireless router with four ports for my network and one port for the WAN (which connects to my cable modem).
My router provides DHCP so all my computers get their IP address from my router. My router assigns DHCP address range 192.168.0.2 - 192.168.0.254 as a default.

Harold Smith
18th August 2009, 12:32 PM
My internet connection is through a cable modem, followed by what I think is a router. It gives me six ports out from the single output of the cable modem. My son bought it and got everything started about five years ago. There have been lots of computers connected to it over the years, but only recently, with my Linux experiments, have I had trouble connecting.

If that is the issue, what can I do?

Thanks

nyjetshead
18th August 2009, 01:13 PM
Excellent suggestion...

since it's new, put 11 on it or boot a LiveCD to see what happens

Have you done this?

Harold Smith
18th August 2009, 01:20 PM
I booted a Xubuntu live CD, but still could not access internet. I did not try any particular debugging while that was running, though.

nyjetshead
18th August 2009, 01:58 PM
I booted a Xubuntu live CD, but still could not access internet.

Unfortunately that is not going to help your Fedora problem...

http://fedoraproject.org/get-fedora

You can get the image here.

Might not be an issue but check your BIOS and see if your Ethernet ports are enabled.

Since you have two Ethernet ports I would disable one of them for now to make things simpler.

Edit: Disable the internal port and reboot using just the card you added

pappo
18th August 2009, 02:10 PM
My internet connection is through a cable modem, followed by what I think is a router. It gives me six ports out from the single output of the cable modem. My son bought it and got everything started about five years ago. There have been lots of computers connected to it over the years, but only recently, with my Linux experiments, have I had trouble connecting.

If that is the issue, what can I do?

Thanks
Hi Harold

I think I can help you.

We need to find out what IP address range your home network is using.
Can you provide the IP address info for all the computers on your home network, and a description of whether they are connected through cables or wireless.

For Linux boxes just do the same "ifconfig -a" that you used before.
For the Windows machines you go to Start --> Run then enter cmd. That will open a command window and then enter "ipconfig /a" and it will show all the info for the network card in your windows machine.

Harold Smith
18th August 2009, 06:08 PM
Okay, I downloaded and burned a Fedora 11 live CD, and booted from it. The results appear the same, except that now eth0 and eth1 are reversed as far as which interface they associate with. I was not able to connect, nor to activate an interface.

nyjetshead
18th August 2009, 06:16 PM
Harold,

I edited my previous post suggesting that you go with just one Ethernet card.
Suggest that you disable the internal one (on the motherboard) in the BIOS, reboot, and run on the external.

Assume the SElinux stuff is not a factor now.

zackf
18th August 2009, 06:21 PM
Hi Harold

I think I can help you.

We need to find out what IP address range your home network is using.
Can you provide the IP address info for all the computers on your home network, and a description of whether they are connected through cables or wireless.

For Linux boxes just do the same "ifconfig -a" that you used before.
For the Windows machines you go to Start --> Run then enter cmd. That will open a command window and then enter "ipconfig /a" and it will show all the info for the network card in your windows machine.

I think pappo is on to something. If we could see how the windows machine is connecting it definitely will shed some light on this.

wheels5894
18th August 2009, 06:27 PM
I find this puzzling, I am new to Linux and found that Ubuntu and Fedora immediately connected to the Internet via Ethernet and the DSL Router. (even the Live Cd versions). There is certainly something odd if that doesn't happen. Of course, getting wireless to work might be harder and I haven't tried it yet.

I am stuck with Samba and getting a local network running but hope this is temporary.

nyjetshead
18th August 2009, 06:37 PM
Harold,

After you reboot please post the output of:
nm-tool and
route
from the command line.

Edit: Did you rule out the patch cord, if not try a different one.
Is the box you connect to a Router or a Switch... Please confirm and provide more detail (look up the make and model)

pappo
18th August 2009, 11:10 PM
Okay, I downloaded and burned a Fedora 11 live CD, and booted from it. The results appear the same, except that now eth0 and eth1 are reversed as far as which interface they associate with. I was not able to connect, nor to activate an interface.

Please provide that IP information I asked you for, on your Windows machines. Since you said they are working, once we find out what IP range your Windows machines are using, we can use the Fedora network app to manually set your Linux box to an IP in that range and see if that works manually.