Fedora Linux Support Community & Resources Center
  #1  
Old 15th February 2011, 03:55 PM
Kakao Offline
Registered User
 
Join Date: Nov 2005
Posts: 55
linuxfedorafirefox
NetworkManager blocked by SELinux

Fedora 13 64. NetworkManager tries to unlink /etc/hosts and is blocked:

Code:
SELinux is preventing /usr/sbin/NetworkManager from unlink access on the file /etc/hosts.

Additional Information:
Source Context                system_u:system_r:NetworkManager_t:s0
Target Context                unconfined_u:object_r:etc_t:s0
Target Objects                /etc/hosts [ file ]
Source                        NetworkManager
Source Path                   /usr/sbin/NetworkManager
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           NetworkManager-0.8.1-10.git20100831.fc13
Target RPM Packages           setup-2.8.20-1.fc13
Policy RPM                    selinux-policy-3.7.19-80.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     cl.dkt
Platform                      Linux cl.dkt 2.6.34.7-66.fc13.x86_64 #1 SMP Wed
                              Dec 15 07:04:30 UTC 2010 x86_64 x86_64
Alert Count                   24
First Seen                    Mon 14 Feb 2011 07:01:43 PM BRST
Last Seen                     Tue 15 Feb 2011 12:03:32 PM BRST
Local ID                      6d5273e2-0cb1-439a-b6c4-131a768295f4

Raw Audit Messages
type=AVC msg=audit(1297778612.157:28615): avc:  denied  { unlink } for  pid=1603 comm="NetworkManager" name="hosts" dev=dm-1 ino=1968520 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file


type=SYSCALL msg=audit(1297778612.157:28615): arch=x86_64 syscall=rename success=no exit=EACCES a0=1d85e00 a1=48b7b9 a2=1d5a180 a3=1 items=0 ppid=1 pid=1603 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=NetworkManager exe=/usr/sbin/NetworkManager subj=system_u:system_r:NetworkManager_t:s0 key=(null)

Hash: NetworkManager,NetworkManager_t,etc_t,file,unlink

audit2allow

#============= NetworkManager_t ==============
allow NetworkManager_t etc_t:file unlink;

audit2allow -R

#============= NetworkManager_t ==============
allow NetworkManager_t etc_t:file unlink;
It is a notebook in a mobile connection and needs the host name to be updated at each new connection:

Code:
# cat /etc/hosts
187.115.146.197	cl.dkt	cl	# Added by NetworkManager
__________________
Folding@Home KakaoStats

Web Python
Reply With Quote
  #2  
Old 15th February 2011, 04:12 PM
jpollard Offline
Registered User
 
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 6,662
linuxfedorafirefox
Re: NetworkManager blocked by SELinux

I think your /etc/hosts file has the wrong security label.

It should have system_u:object_r:net_conf_t:s0.

This seems to be one of the times that the recommended
change is not quite right.

You can fix this with "chcon system_u:object_r:net_conf_t:s0 /etc/hosts
as root (su - is mandatory for this)

Last edited by jpollard; 15th February 2011 at 04:14 PM.
Reply With Quote
  #3  
Old 15th February 2011, 04:49 PM
Kakao Offline
Registered User
 
Join Date: Nov 2005
Posts: 55
linuxfedorafirefox
Re: NetworkManager blocked by SELinux

It worked. Thanks.
__________________
Folding@Home KakaoStats

Web Python
Reply With Quote
Reply

Tags
blocked, networkmanager, selinux

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
NTP is blocked by SElinux linus_leung Using Fedora 1 18th July 2009 06:27 PM
Ports still blocked with SELinux/iptables disabled Solipsism Servers & Networking 1 27th December 2008 01:12 AM
UPnP blocked? FW & SELinux disabled jcarr Using Fedora 0 23rd November 2004 03:21 PM


Current GMT-time: 11:15 (Sunday, 20-04-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat